Besides the lolz, I was involved in an identity theft incident:
somebody created a GPG key with the same short ID as mine. It is important to mention that while the short ID is the same,
the complete ID(s) are different on both keys.
Gunnar Wolf wrote in great detail about the issue: http://gwolf.org/node/4070
And he even posted to LWN.
Enrico Zini created a utility to verify keys: https://github.com/spanezz/verify-trust-paths
and the corresponding blog post: http://www.enricozini.org/blog/2016/debian/verifying-gpg-keys
TL;DR what to do to avoid falling into this trap!
- Set keyid-format 0xlong in ~/.gnupg/gpg.conf so GPG will show you long IDs by default
- If your scripts handle GPG IDs, use long IDs: you can pass the option --keyid-format 0xlong; alternatively, --with-colons will give you output that is easily parseable by shell scripts, and long key IDs!!!
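As an added example (not code from this post or from the tools it links to), here is how a shell script can read long key IDs from --with-colons output and flag primary keys that share a short ID. The function names and the sample key records are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `gpg --with-colons --list-keys` output (not real keys).
# Two primary keys share the short ID DEADBEEF but have different long IDs.
sample_colons() {
cat <<'EOF'
tru::1:1467000000:0:3:1:5
pub:u:4096:1:AAAA0000DEADBEEF:1400000000:::u:::scESC:
uid:u::::1400000000::::Alice Example <alice@example.org>:
sub:u:4096:1:AAAA000011112222:1400000000::::::e:
pub:-:4096:1:BBBB1111DEADBEEF:1466000000:::-:::scESC:
uid:-::::1466000000::::Alice Example <alice@example.org>:
pub:f:2048:1:CCCC2222CAFEF00D:1300000000:::-:::scESC:
EOF
}

# Read colon-format records on stdin and print the long key ID
# (field 5, 16 hex digits) of every primary key ("pub" record).
long_ids() {
    awk -F: '$1 == "pub" { print $5 }'
}

# Read colon-format records on stdin and print one line per short ID
# (last 8 hex digits) that belongs to more than one primary key:
#   SHORTID LONGID LONGID ...
short_id_collisions() {
    long_ids | awk '
        {
            s = substr($0, length($0) - 7)      # last 8 hex digits
            if (count[s]++ == 0) { order[++n] = s; ids[s] = $0 }
            else ids[s] = ids[s] " " $0
        }
        END {
            for (i = 1; i <= n; i++)
                if (count[order[i]] > 1) print order[i], ids[order[i]]
        }'
}

# Demo on the constructed sample. Against a real keyring:
#   gpg --with-colons --list-keys | short_id_collisions
sample_colons | short_id_collisions
```
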
I'm not adding much if you did read Gunnar's and Enrico's blogs, but I think it is worth repeating that valuable advice.
PS: I should have posted about this long ago