Wrong! What GPG signature actually gives you, is that someone, who told you at some earlier point in time that he is Leo, has access to that same GPG key and can use it. This is all you get form GPG. You do not get persons true identity (real name etc) nor any proof, that you are actually communicating with that same person you started out with.
Do not get me wrong,  GPG is great stuff and is very useful.
  
Until there is no PKI, with its certificate authority (CA) etc, all you can say for sure is: "Yes, the same key is/was used."
Yes, there is a good chance that he is the same guy, but what you can NOT say is who (person) is at the other end of that communication.
Same key - yes
Same person - no.  

and one huge LOL must go for the following:

Crickets...