I have had no luck verifying the signatures from any of the markets I have clicked through. Got phished using the .onion address for World Market and lost about $100, which I chalk up to a learning experience.
How in the world are you supposed to trust the PGP signature that comes from one of the link aggregator sites.. I mean wouldn’t it make sense that you put up a bad link aggregator site, create a bunch of bogus signatures, have people go to the link and think they’re verifying, and then have them send their coins to a bad address?
Just not wrapping my head around how you can actually verify, even with the PGP signature, unless you already know that it’s legit.