That's not the point. The checksums are fine and gpg says
the signature in itself is correct. What I didn't found is how
to verify that the signature belongs indeed to Jeff.
Paste the signature from above to e.g. /tmp/foo.asc
$ gpg /tmp/foo.asc
it asks for the data file (bitcoin client), this will spit out the key ID (2DBF0CA8)
If you plug that into the site you listed, it will complain about it not being in the strong set, but offer you a search (first link):
http://pgp.surfnet.nl:11371/pks/lookup?op=vindex&fingerprint=on&search=0x2DBF0CA8You can get the public key and trace the web from there.