I wonder how do I verify signatures in cases like this one,
http://www.balabit.com/downloads/syslog-ng/2.0/src/ only have the following files to download:
syslog-ng-2.0.0.tar.gz File 329.64k 10/28/2006
syslog-ng-2.0.0.tar.gz.asc File 191 10/28/2006
syslog-ng-2.0.1.tar.gz File 340.35k 12/22/2006
syslog-ng-2.0.1.tar.gz.asc File 189 12/22/2006
syslog-ng-2.0.2.tar.gz File 344.24k 01/29/2007
syslog-ng-2.0.2.tar.gz.asc ..............
that's the general idea. I've seen it in a couple of websites already, how do I get the .sig file so I can verify the signature with the .asc file. How do I verify the signature if they only provide the .asc file but not the .sig file. thanks.