>Actually, GPG allows the chain to extend for longer. You can verify a You -> Alice -> Bob -> Carol chain.
But it certainly doesn't mandate it. It's called the web of trust, not the chain of trust. You would never have such a chain of trust in real life so there is no reason to use PGP to create a model that doesn't make sense. Trust is normally quite shallow.
This is a generic rhetorical technique often used against flexible systems. The flexibility is used to create absurd straw men.
Those connections exist on keyservers already, GPG just doesn't have a comfortable way of finding them. For instance if you want to verify M's key, you have:
A -> B -> G -> M
A -> C -> H -> M
A -> D -> H -> M
A -> E -> I -> M
Using multiple paths should allow building some confidence into M's key.
The issue is that in the current model, A has the keys for B, C, D and E, and also M's key since they're trying to check their signature. But the rest of the web that is present on keyservers isn't easily reachable to the user.
But it certainly doesn't mandate it. It's called the web of trust, not the chain of trust. You would never have such a chain of trust in real life so there is no reason to use PGP to create a model that doesn't make sense. Trust is normally quite shallow.
This is a generic rhetorical technique often used against flexible systems. The flexibility is used to create absurd straw men.