FS#50482 - [lsof] pkgbuild, add the fingerprint
Attached to Project: Arch Linux
Opened by . (flysprayer) - Monday, 22 August 2016, 14:15 GMT
Last edited by Anatol Pomozov (anatolik) - Tuesday, 30 August 2016, 00:06 GMT
Closed by Anatol Pomozov (anatolik)
Tuesday, 30 August 2016, 00:06 GMT
Reason for closing: Upstream
Additional comments about closing: Upstream should start using a modern encryption algorithm.
https://git.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/lsof&id=38d68d74427f3c037246545c7c6f169332b2e444
"Removal of PGP-2 support
Some algorithms and parts of the protocols as used by the 20 years old PGP-2 software are meanwhile considered unsafe. In particular the baked in use of the MD5 hash algorithm limits the security of PGP-2 keys to non-acceptable rate. Technically those PGP-2 keys are called version 3 keys (v3) and are easily identified by a shorter fingerprint which is commonly presented as 16 separate double hex digits.
With GnuPG 2.1 all support for those keys has gone. If they are in an existing keyring they will eventually be removed. If GnuPG encounters such a key on import it will not be imported due to the not anymore implemented v3 key format. Removing the v3 key support also reduces complexity of the code and is thus better than to keep on handling them with a specific error message.
There is one use case where PGP-2 keys may still be required: For existing encrypted data. We suggest to keep a version of GnuPG 1.4 around which still has support for these keys (it might be required to use the --allow-weak-digest-algos option). A better solution is to re-encrypt the data using a modern key."
The package maintainer must use the latest GnuPG classic release to verify it and then use sha512sums to future-proof it.
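The quoted passage says v3 keys are recognisable by their shorter, MD5-based fingerprint. The following added example (not part of this task, the PKGBUILD or GnuPG) reads the version octet of a binary OpenPGP public-key packet and computes the fingerprint the way RFC 4880 defines it for v3 and v4 keys. The two sample packets are constructed toy values, not real keys.

```python
import hashlib

def read_packet(data):
    """Return (tag, body) of the first OpenPGP packet in binary (dearmored) data."""
    hdr = data[0]
    if not hdr & 0x80:
        raise ValueError("not a binary OpenPGP packet")
    if hdr & 0x40:                       # new-format header
        tag, first = hdr & 0x3F, data[1]
        if first < 192:
            length, off = first, 2
        elif first < 224:
            length, off = ((first - 192) << 8) + data[2] + 192, 3
        elif first == 255:
            length, off = int.from_bytes(data[2:6], "big"), 6
        else:
            raise ValueError("partial body length is not valid for a key packet")
    else:                                # old-format header
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not handled")
        off = 1 + (1 << ltype)           # 1, 2 or 4 length octets
        length = int.from_bytes(data[1:off], "big")
    return tag, data[off:off + length]

def read_mpi(buf, pos):  # -> (value bytes without the bit count, next position)
    end = pos + 2 + (int.from_bytes(buf[pos:pos + 2], "big") + 7) // 8
    return buf[pos + 2:end], end

def key_fingerprint(data):
    """Return (key version, fingerprint hex) for a public-key packet."""
    tag, body = read_packet(data)
    if tag not in (6, 14):               # public key / public subkey
        raise ValueError("first packet is not a public key")
    version = body[0]
    if version in (2, 3):                # PGP-2 era: MD5 over RSA n and e only
        n, pos = read_mpi(body, 8)       # skip version, created, validity, algo
        e, _ = read_mpi(body, pos)
        return version, hashlib.md5(n + e).hexdigest().upper()
    if version == 4:                     # SHA-1 over 0x99, length, whole body
        framed = b"\x99" + len(body).to_bytes(2, "big") + body
        return version, hashlib.sha1(framed).hexdigest().upper()
    raise ValueError("unsupported key version %d" % version)

# Constructed toy packets (tiny RSA numbers, not real keys): n=0xC53B, e=0x11.
MPIS = b"\x00\x10\xC5\x3B" + b"\x00\x05\x11"
V3_BODY = b"\x03" + b"\x00\x00\x00\x01" + b"\x00\x00" + b"\x01" + MPIS
V4_BODY = b"\x04" + b"\x00\x00\x00\x01" + b"\x01" + MPIS
SAMPLE_V3 = b"\x99" + len(V3_BODY).to_bytes(2, "big") + V3_BODY
SAMPLE_V4 = b"\xC6" + bytes([len(V4_BODY)]) + V4_BODY   # new-format header
```

`key_fingerprint` expects binary input; an ASCII-armored key file can be converted first with `gpg --dearmor`. A result of version 3 with a 32-digit fingerprint is the case GnuPG 2.1 refuses to import.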