> at the start, there is a PGP-signed copy of the text offered
Which shows you don't understand the problem.
HTTPS on content only sides is primary about preventing people with tampering with the website in ways which potentially can hurt you from just opening them. The increased trust-ability of the content is important too, but only secondary.
A PGP signed copy helps me to verify the content after I already fully loaded it with a lot of additional overhead.
It doesn't prevent JS injected into your side from being executed, does it prevent a injected http redirect to a fingerprinting site or similar (which e.g. could use non JS fingerprinting or potential non JS based RCE attack vectors, which luckily I haven't heard of in browsers in recent years but are not impossible at all.).
As long a browsers don't check the signature before loading/parsing any content it isn't secure.
EDIT: In general in 2021 using HTTS "doesn't cost you anything" (in the sense of nearly anyone can afford it), neither does it prevent you from still doing what you currently do (standing by PGP(oversimplified)) and being against the by now pretty much not-undoable not-decentralized HTTS infrastructure. But realism is a important part of security.
> HTTPS on content only sides is primary about preventing people with tampering with the website
"people" here specifically excluding Verisign & its successor racketeers, the NSA (plus bananistani national equivalents thereof).
> in ways which potentially can hurt you from just opening them
Running shitware is optional.
> It doesn't prevent JS injected into your side from being executed
The only solution to malicious JS is... to switch off JS. Asking people you don't know to pay the cert tax does not somehow guarantee that their JS is not malicious.
> ... check the signature before loading/parsing any content it isn't secure.
"Secure content" is what you obtained from someone you actually trust and verified with a pubkey you received out of band (ideally -- meatspace). All other content may as well have been authored by evil martians, despite any pretense to the contrary.
> by now pretty much not-undoable not-decentralized HTTS infrastructure
What part of "Where I still have the freedom not to use the Reich's master-keyed pseudocryptographic garbage - I will not use it" is hard to understand?
IMHO it is quite strange that the "HTTPS-everywhere" nonsense isn't immediately understood by everyone for what it is -- simply Google's latest effort to stymie ad-blocking (with the applause of NSA, whose mission today consists largely of efforts to retard the development of actual - i.e. not masterkeyed and not escrowed - crypto.)
Which shows you don't understand the problem.
HTTPS on content only sides is primary about preventing people with tampering with the website in ways which potentially can hurt you from just opening them. The increased trust-ability of the content is important too, but only secondary.
A PGP signed copy helps me to verify the content after I already fully loaded it with a lot of additional overhead.
It doesn't prevent JS injected into your side from being executed, does it prevent a injected http redirect to a fingerprinting site or similar (which e.g. could use non JS fingerprinting or potential non JS based RCE attack vectors, which luckily I haven't heard of in browsers in recent years but are not impossible at all.).
As long a browsers don't check the signature before loading/parsing any content it isn't secure.
EDIT: In general in 2021 using HTTS "doesn't cost you anything" (in the sense of nearly anyone can afford it), neither does it prevent you from still doing what you currently do (standing by PGP(oversimplified)) and being against the by now pretty much not-undoable not-decentralized HTTS infrastructure. But realism is a important part of security.