On a Linux system with the GnuPG (http://www.gnupg.org/) package installed, you can follow the following steps to verify the PGP signature:

1. Find the DSA key ID of the public key used for the signature:

# gpg masterkey-linux-0.2.iso.md5.asc
gpg: Signature made Thu Aug 20 15:03:08 2009 BST using DSA key ID EC0FEA84
gpg: Can't check signature: public key not found

2. Import the public key either from a key server such as pgp.mit.edu:

# gpg --keyserver pgp.mit.edu --recv-key EC0FEA84
gpg: requesting key EC0FEA84 from hkp server pgp.mit.edu
gpg: key EC0FEA84: public key "Qin Z < This e-mail address is being protected from spambots. You need JavaScript enabled to view it >" imported
gpg: Total number processed: 1
gpg:               imported: 1

or from a public key file:

# gpg --import mk_public_key.asc
gpg: key EC0FEA84: "Qin Z < This e-mail address is being protected from spambots. You need JavaScript enabled to view it >" imported
gpg: Total number processed: 1
gpg:              unchanged: 1

3. Check the fingerprint of the key if you like:

# gpg --fingerprint EC0FEA84
pub   1024D/EC0FEA84 2009-08-20
      Key fingerprint = EE98 0DA4 CF85 B03F 9942  DE71 0ACD F209 EC0F EA84
uid                  Qin Z < This e-mail address is being protected from spambots. You need JavaScript enabled to view it >
sub   1024g/4F2B0382 2009-08-20

4. Verify the signature:

# gpg --verify masterkey-linux-0.2.zip.md5.asc
gpg: Signature made Thu Aug 20 15:03:08 2009 BST using DSA key ID EC0FEA84
gpg: Good signature from "Qin Z < This e-mail address is being protected from spambots. You need JavaScript enabled to view it >"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: EE98 0DA4 CF85 B03F 9942  DE71 0ACD F209 EC0F EA84