Where did you get those files? I think they are falsified!
BE VERY CAREFUL and don't run it.
- My name is not "Wladimir J. van der lann" but "Wladimir J. van der Laan" (and my mail is not
lannwj@gmail.com either)
- There is no "bitcoin-0.15.0.1-osx.dmg.asc". The only signed file in the distribution should be "SHA256SUMS.asc" which contains a list of SHA256 hashes, one for every file.
I followed the following steps on the command line to manually check the correctness of the release signing signature on 0.15.0.1:
$ wget https://bitcoin.org/bin/bitcoin-core-0.15.0.1/bitcoin-0.15.0.1-osx.dmg
$ wget https://bitcoin.org/bin/bitcoin-core-0.15.0.1/SHA256SUMS.asc
$ gpg < SHA256SUMS.asc | sha256sum -c --ignore-missing
gpg: Signature made Tue 19 Sep 2017 02:16:05 PM CEST
gpg: using RSA key 0x90C8019E36C2E964
gpg: Good signature from "Wladimir J. van der Laan (Bitcoin Core binary release signing key) " [ultimate]
bitcoin-0.15.0.1-osx.dmg: OK
Do not run any dmg or other binary until you get an output like this.