To verify the pgp signature of white_dune with gpg use (you need "curl" and "gpg"):
curl -o/tmp/gpg http://www.cacert.org/certs/cacert.asc && gpg --import /tmp/gpg
curl -o/tmp/gpg https://wdune.ourproject.org/mufti.asc && gpg --import /tmp/gpg
gpg --verify wdune-*.tar.bz2.sig wdune-*.tar.bz2
You should see something like:
gpg: Signature made ???
gpg: using RSA key 7686907C86109D8A31A004AC3005F9A641282A81
gpg: Good signature from "Jörg Scheurich (white_dune upstream)
" [ultimate]