
Missing step in instructions for verifying integrity
Closed, Resolved, Public

Description

On this page: https://www.gnupg.org/download/integrity_check.html the
instructions for verifying the GnuPG download are missing the necessary

gpg --recv-keys KEYID

step without which you get a "public key not found" error.

Event Timeline

werner lowered the priority of this task from Normal to Wishlist. Jun 6 2014, 5:29 PM
werner removed a project: Bug Report.
werner claimed this task.

This is on purpose. --recv-key is not sufficient.

The issue is not resolved: if "gpg --recv-keys" is not sufficient, then some
other step must be added to the instructions, as currently they do not work, at
least not for this non-expert user.

There are two problems:

  1. This sentence does not make sense: "You should see a message indicating that
the signature is good and made by of the signing keys." (Maybe the solution is
as simple as deleting "of"?)

  2. The following instructions are too brief: "Make sure that you have the right
key, either by checking the fingerprint of that key with other sources or by
checking that the key has been signed by a trustworthy other key." Someone who
is trying to download GnuPG as part of bootstrapping a secure environment for
the first time (e.g. so they can download other software such as Tor in a
trustworthy way), will not know how to follow either of those suggestions.
Concrete instructions are needed.

If I simply download the GPG sources and corresponding signature, and run the
gpg --verify command that is given, I get the following output:

gpg: directory `/home/rrt/.gnupg' created
gpg: new configuration file `/home/rrt/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/rrt/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/rrt/.gnupg/pubring.gpg' created
gpg: Signature made Wed 01 Jul 2015 13:56:58 BST using RSA key ID 4F25E3B6
gpg: Can't check signature: public key not found
gpg: Signature made Thu 02 Jul 2015 05:31:06 BST using RSA key ID 33BD3F06
gpg: Can't check signature: public key not found

In other words, it doesn't seem to do anything useful.

rrt added a project: In Progress.
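The verification flow this thread says the web page should spell out, as an added example that is not part of the GnuPG documentation or of the commit linked below: a POSIX sh script that imports the release key into a throw-away keyring, refuses any imported key whose fingerprint was not pinned from an independent source, and then accepts a signature only if it was made by one of those pinned keys, so "public key not found" can no longer pass silently. The script name, helper function names and fingerprint placeholders are assumptions; it relies on the GnuPG 2.x `--with-colons` and `--status-fd` line formats.

```shell
#!/bin/sh
# Added example (not GnuPG's own code): verify a downloaded release tarball
# against its detached .sig using a pinned signing-key fingerprint, so both
# "public key not found" and "good signature from an unpinned key" fail closed.
# Assumes GnuPG 2.x --with-colons and --status-fd line formats.
set -eu

# Print primary-key fingerprints from `gpg --with-colons --fingerprint` output
# read on stdin; fpr records that follow sub (subkey) records are skipped.
primary_fingerprints() {
    awk -F: '$1=="pub"{p=1;next} $1=="fpr"&&p{print $10} {p=0}'
}

# Print, for each VALIDSIG status line on stdin, the fingerprint of the
# primary key that made the signature (the line's last field).
validsig_primary_fprs() {
    awk '$1=="[GNUPG:]" && $2=="VALIDSIG" {print $NF}'
}

# Succeed only if fingerprint $1 is in the space-separated pinned list $2.
fingerprint_pinned() {
    for p in $2; do [ "$1" = "$p" ] && return 0; done
    return 1
}

# verify_tarball TARBALL SIG KEYFILE PINNED
# KEYFILE: the release signing key (ASCII-armored export); PINNED: fingerprints
# copied from an independent source (the placeholders below must be replaced).
verify_tarball() {
    tarball=$1 sig=$2 keyfile=$3 pinned=$4
    kr=$(mktemp -d)   # throw-away GNUPGHOME: nothing touches ~/.gnupg
    gpg --homedir "$kr" --batch --quiet --import "$keyfile"
    # Reject the run if any imported key is not one we pinned.
    for f in $(gpg --homedir "$kr" --batch --with-colons --fingerprint | primary_fingerprints); do
        fingerprint_pinned "$f" "$pinned" || { echo "unpinned key $f" >&2; return 1; }
    done
    # A pipeline's status is awk's, so check the VALIDSIG output, not gpg's exit code.
    signers=$(gpg --homedir "$kr" --batch --status-fd 1 --verify "$sig" "$tarball" | validsig_primary_fprs)
    [ -n "$signers" ] || { echo "no valid signature on $tarball" >&2; return 1; }
    for f in $signers; do
        fingerprint_pinned "$f" "$pinned" || { echo "signature from unpinned key $f" >&2; return 1; }
    done
    echo "OK: $tarball signed by $signers"
}

# Usage: sh verify-release.sh gnupg-X.Y.Z.tar.bz2 gnupg-X.Y.Z.tar.bz2.sig key.asc \
#        "PLACEHOLDER_FINGERPRINT_1 PLACEHOLDER_FINGERPRINT_2"
if [ $# -eq 4 ]; then verify_tarball "$@"; fi
```

The key file can be obtained with `gpg --recv-keys KEYID` followed by `gpg --export --armor KEYID`; the point of the script is that fetching the key is never enough on its own, the fingerprint comparison is what makes the result trustworthy.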
neal added a project: Restricted Project. Nov 24 2015, 11:47 AM
neal added a subscriber: werner.
neal added a subscriber: neal.

I've tried to improve the web page.

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg-doc.git;a=commit;h=fa61217e26a97c4b9f3294746a581aee5eb47ad8

Since Werner needs to check this, I'm changing the status of this issue to
testing and adding him to the cc.

@Reuben: If you have some ideas of additional improvements, I'd be grateful.
Thanks.

werner removed a project: Restricted Project.