I wonder how do I verify signatures in cases like this one, http://www.balabit.com/downloads/syslog-ng/2.0/src/ only have the following files to download:

syslog-ng-2.0.0.tar.gz File 329.64k 10/28/2006
syslog-ng-2.0.0.tar.gz.asc File 191 10/28/2006
syslog-ng-2.0.1.tar.gz File 340.35k 12/22/2006
syslog-ng-2.0.1.tar.gz.asc File 189 12/22/2006
syslog-ng-2.0.2.tar.gz File 344.24k 01/29/2007
syslog-ng-2.0.2.tar.gz.asc ..............

that's the general idea. I've seen it in a couple of websites already, how do I get the .sig file so I can verify the signature with the .asc file. How do I verify the signature if they only provide the .asc file but not the .sig file. thanks.

I knew would be an stupid question, just in case someone else wonder how to do it, I paste the answer here

-----> gpg --verify syslog-ng-2.0.2.tar.gz.asc syslog-ng-2.0.2.tar.gz
gpg: Signature made Mon 29 Jan 2007 03:20:17 AM MST using DSA key ID ADCF4138
gpg: Can't check signature: public key not found

-----> gpg --keyserver pgp.mit.edu --recv-keys ADCF4138
gpg: requesting key ADCF4138 from hkp server pgp.mit.edu
gpg: key ADCF4138: public key "Balazs Scheidler <bazsi@balabit.hu>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1

------>gpg --verify syslog-ng-2.0.2.tar.gz.asc syslog-ng-2.0.2.tar.gz
gpg: Signature made Mon 29 Jan 2007 03:20:17 AM MST using DSA key ID ADCF4138
gpg: Good signature from "Balazs Scheidler <bazsi@balabit.hu>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 8038 B76C B92A 661D E4EF 222D B613 44D0 ADCF 4138