At the time there were implemented in GPG they were not insecure. If age and minisign are around 10 or 20 years for now, we'll see if your statement is still true.
Obviously Filippo Valsorda will release a new version that fixes whatever the issue is and will deprecate the old version immediately.
The new code might retain ability to decrypt the old version but not encrypt with the old version, for compatibility with old backup files or whatever. If he thinks it's safe to do.
Okay, so you're trust is completely in one person having perfect design decisions and that he chooses to continue to maintain these tools in perpetuity.
You also state that tool may or may not be able interact with past files. Which means it might be useless.
Git is in the process of deprecating sha1, and you end up having the put flexibility in after a tool expands. It will likely keep supporting sha1 even after it is much more trivial to create collisions.
No one is getting locked out of their files created by an old version. There will be a migration path. The old code will be in git. Worst case, the spec is open, I can implement the spec myself in python, using pycryptodome and pyca/cryptography, it wouldn't be hard.
I trust his judgement much more than I trust the group that maintains gpg. Of course, actually, there is a community, Filippo is not working in a vacuum. Worst case, if Filippo stops maintaining it or makes bad decisions, someone else (or a group of people) will maintain it.
