If someone signs and encrypts their code or email with their PGP digital signature, you could, in theory, be sure they are who they say they are and their words or code are indeed their words or code. If they use a short (32-bit or smaller) key, they have no real security. In that case, a hacker can now easily forge a fake PGP signature. And that's exactly what happened to Linus Torvalds, Greg Kroah-Hartman, and other leading Linux kernel developers.
On the Linux Kernel Mailing List (LKML), it was revealed that for the last two months, since about mid-June, "some developers found their fake keys with same name, email, and even 'same' fake signatures by more fake keys in the wild, on the keyservers".
This isn't a new attack. Linux programmers have known since December 2011 that short PGP keys were inherently insecure. It's just that no one bothered to break the PGP keys... until now.