On unix platforms the following command can be executed :
for file in `find . -type f -iname '*.asc'`
do
gpg --verify ${file}
done
You'll need to look at the output contains only good signaturesie :
gpg: Good signature from "Michael Dick (CODE SIGNING KEY) <mikedd@apache.org>"
gpg: Signature made Tue 12 Jan 2010 05:30:17 PM CST using RSA key ID 7412AD2C
gpg: Good signature from "Michael Dick (CODE SIGNING KEY) <mikedd@apache.org>"
gpg: Signature made Tue 12 Jan 2010 05:30:18 PM CST using RSA key ID 7412AD2C
gpg: Good signature from "Michael Dick (CODE SIGNING KEY) <mikedd@apache.org>"
gpg: Signature made Tue 12 Jan 2010 05:30:17 PM CST using RSA key ID 7412AD2C
gpg: Good signature from "Michael Dick (CODE SIGNING KEY) <mikedd@apache.org>"
