This is good; donating to GnuPG was not an especially effective way of protecting at-risk users, and it's better that the project be supported by the niche userbase (apparently: the German government) that actually uses PGP in 2021, rather than trying to make a social cause out of a (pretty controversial) file format.
I think there are multiple reasons it's good. It's good for security as you've articulated.
It's also good as an example of sustainable open source development via the consulting model. We've seen a lot of hand-wringing about FOSS funding lately. It may not be as flashy or high-profile as VC-funded open core projects with all their ubiquitous marketing, beautiful websites, and submarine PR. But it's a way to make a living by exchanging useful value in exchange for moderate fees, rather than asking for charity or signing up for an unsustainable investment deal.
I agree. That seems like the real story here, and it's good that the top of this thread is still about the funding mechanics at play here and not another endless relitigation of the (contested) value of PGP itself.
