I think you misunderstand how PGP works. There's no real-time interaction between participants. Participants don't have certificates, only keys. The ciphers and signing algorithms are determined by the OpenPGP spec rather than some negotiation between parties.
The trust model in PGP isn't a certificate with a signing chain but a "web of trust". I know Alice and Alice knows Bob. Alice vouches for Bob by signing his key and giving it to me. Since I trust Alice personally I have some level of trust in Bob.
Yes, but the issue of a key being weak (using a compromised cipher, having too little entropy, etc) is orthogonal to how the actual communication works. If your key is weak for any reason, the encryption and signatures of your messages may be worthless, and that's what warnings should be about. Also, on incoming messages, if they have the same problem, there could be at least a warning about the key not being secure enough/cipher being old or compromised. I'll decrypt the message, but beware. That kind of warning.
The difficult part, of course, is that since there's no official approved way to have a remote/online keysigning party, communicating newly-generated keys to others in a trustworthy and secure way may surely prove to be a problem.
PGP (by which I mean GPG's OpenPGP implementation) will show you the type and size of a public key. It can't tell you that they have a shitty password or have their private key password printed on their t-shirt. When you receive a message the session key was encrypted with your public key so it's only as good as your key.
You can check out an encrypted message to see what symmetric cipher and digest was used. While GPG could throw up a warning there's nothing you can do about a weak symmetric key or digest. There's no return channel to the sender and no handshake.
In the case of signed packages the issue of poor digests is more the fault of the repository. They are the ones that need to enforce the digests and asymmetric key types they support. They could easily reject MD5 signatures and small public keys.
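The points above (a client can see the key type and size, the symmetric cipher and the digest announced in a message, and a repository could reject MD5 signatures and small keys) come down to reading OpenPGP packet headers. As an added example that is not code from anyone in this thread, the following walks the RFC 4880 packet framing with only the standard library and reports what each packet announces, then applies the kind of warning policy the posters describe. The sample bytes are constructed for the example and are not a real message; the thresholds in `assess` (flag MD5/SHA-1, 64-bit-block ciphers, RSA below 2048 bits) are this example's own choices.

```python
"""Inspect OpenPGP (RFC 4880) packet headers and flag legacy algorithm choices.
Added example; the packet framing follows RFC 4880 sections 4 and 5."""
import struct

# RFC 4880 section 9 registries, restricted to the entries used here.
PK_ALGOS = {1: "RSA", 2: "RSA-encrypt", 3: "RSA-sign", 16: "ElGamal",
            17: "DSA", 18: "ECDH", 19: "ECDSA", 22: "EdDSA"}
SYM_ALGOS = {0: "plaintext", 1: "IDEA", 2: "3DES", 3: "CAST5", 4: "Blowfish",
             7: "AES-128", 8: "AES-192", 9: "AES-256", 10: "Twofish"}
HASH_ALGOS = {1: "MD5", 2: "SHA-1", 3: "RIPEMD-160", 8: "SHA-256",
              9: "SHA-384", 10: "SHA-512", 11: "SHA-224"}


def _read_header(data, pos):
    """Return (tag, body_start, body_len) for the packet header at pos."""
    first = data[pos]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if first & 0x40:                       # new-format header (section 4.2.2)
        tag, b0 = first & 0x3F, data[pos + 1]
        if b0 < 192:
            return tag, pos + 2, b0
        if b0 < 224:
            return tag, pos + 3, ((b0 - 192) << 8) + data[pos + 2] + 192
        if b0 == 255:
            return tag, pos + 6, struct.unpack(">I", data[pos + 2:pos + 6])[0]
        raise ValueError("partial-body lengths are not handled in this example")
    tag, ltype = (first >> 2) & 0x0F, first & 0x03   # old-format header (4.2.1)
    if ltype == 0:
        return tag, pos + 2, data[pos + 1]
    if ltype == 1:
        return tag, pos + 3, struct.unpack(">H", data[pos + 1:pos + 3])[0]
    if ltype == 2:
        return tag, pos + 5, struct.unpack(">I", data[pos + 1:pos + 5])[0]
    raise ValueError("indeterminate length is not handled in this example")


def _mpi_bits(body, off):
    """Bit length of the MPI at off (two-byte big-endian bit count prefix)."""
    return struct.unpack(">H", body[off:off + 2])[0]


def parse_packets(data):
    """Return one dict per packet describing the algorithms it announces."""
    out, pos = [], 0
    while pos < len(data):
        tag, start, length = _read_header(data, pos)
        body = data[start:start + length]
        info = {"tag": tag}
        if tag == 1 and body[0] == 3:            # Public-Key Encrypted Session Key
            info.update(kind="PKESK", key_id=body[1:9].hex().upper(),
                        pk_algo=PK_ALGOS.get(body[9], body[9]))
        elif tag == 2 and body[0] == 4:          # v4 Signature: pk algo, then hash algo
            info.update(kind="signature", pk_algo=PK_ALGOS.get(body[2], body[2]),
                        hash_algo=HASH_ALGOS.get(body[3], body[3]))
        elif tag == 3 and body[0] == 4:          # Symmetric-Key Encrypted Session Key
            info.update(kind="SKESK", sym_algo=SYM_ALGOS.get(body[1], body[1]),
                        s2k_hash=HASH_ALGOS.get(body[3], body[3]))
        elif tag in (6, 14) and body[0] == 4:    # v4 public key / public subkey
            algo = body[5]
            info.update(kind="public key", pk_algo=PK_ALGOS.get(algo, algo))
            if algo in (1, 2, 3):                # RSA: first MPI after the algo byte is n
                info["key_bits"] = _mpi_bits(body, 6)
        else:
            info["kind"] = "other"
        out.append(info)
        pos = start + length
    return out


def assess(packets):
    """Warnings a client or repository could raise; thresholds are this example's."""
    warnings = []
    for p in packets:
        digest = p.get("hash_algo") or p.get("s2k_hash")
        if digest in ("MD5", "SHA-1"):
            warnings.append(f"{p['kind']}: legacy digest {digest}")
        if p.get("sym_algo") in ("IDEA", "3DES", "CAST5", "Blowfish"):
            warnings.append(f"{p['kind']}: 64-bit-block cipher {p['sym_algo']}")
        if p.get("pk_algo") == "RSA" and p.get("key_bits", 4096) < 2048:
            warnings.append(f"{p['kind']}: RSA modulus only {p['key_bits']} bits")
    return warnings


# Constructed sample stream (not a real message): four packets back to back.
SAMPLE = (
    # old-format tag 6 header (0x98), v4 RSA public key with a 1024-bit modulus, e = 65537
    bytes([0x98, 141, 4, 0, 0, 0, 0, 1]) + b"\x04\x00" + b"\x80" + b"\x00" * 127
    + b"\x00\x11\x01\x00\x01"
    # new-format tag 3 header (0xC3), v4 SKESK: 3DES, iterated+salted S2K over MD5
    + bytes([0xC3, 13, 4, 2, 3, 1]) + b"\x00" * 8 + b"\x60"
    # new-format tag 2 header (0xC2), v4 RSA signature over SHA-256, no subpackets
    + bytes([0xC2, 13, 4, 0, 1, 8, 0, 0, 0, 0, 0xAB, 0xCD, 0x00, 0x08, 0x7F])
    # new-format tag 1 header (0xC1), v3 PKESK to key ID 0123456789ABCDEF with RSA
    + bytes([0xC1, 13, 3]) + bytes.fromhex("0123456789ABCDEF") + bytes([1, 0x00, 0x08, 0x42])
)

if __name__ == "__main__":
    for pkt in parse_packets(SAMPLE):
        print(pkt)
    for w in assess(parse_packets(SAMPLE)):
        print("WARNING:", w)
```

Run stand-alone it lists the four packets and prints three warnings: the 1024-bit RSA key, the MD5-based S2K, and the 3DES session-key packet. The signature over SHA-256 passes. Note that, as the post says, a warning is all a recipient can do: the session key is already fixed by the sender, so the only real enforcement point is a key server or package repository refusing to accept such material in the first place.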