What is the secret to validating the download with the signature? I am used to verifying files by having a download file, say file.tar.gz, and then a file.tar.gz.asc, and running:
gpg --verify file.tar.gz.asc
after importing the author's public key. However, with bitcoin-qt, the signature file SHA256SUMS.asc seems to have signature data for all the different versions of bitcoin-qt. When I import Gavin Andresen's public key and run:
gpg --verify SHA256SUMS.asc
I get "Good signature" no matter what. For instance, if I completely delete bitcoin-0.8.6-linux.tar.gz, I still get "Good signature". If I create a blank file called bitcoin-0.8.6-linux.tar.gz, I still get "Good signature". It's as if it isn't actually verifying against the bitcoin-0.8.6-linux.tar.gz file. What am I doing wrong?
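An added example, not part of the original post: SHA256SUMS.asc is a clearsigned list of hashes, so `gpg --verify` only proves the list is authentic, and the download is checked separately by comparing its SHA-256 against the signed entry. The function names `hash_matches` and `verify_release` are hypothetical, and the sketch assumes `gpg` (with the signer's key already imported), `sha256sum`, `awk` and `mktemp` are installed.

```shell
#!/bin/sh
# Two-step check: (1) signature over the hash list, (2) file hash against the list.

# hash_matches SUMS_TXT FILE
# SUMS_TXT holds plain "<sha256>  <name>" lines (the signed text, already extracted).
# Returns 0 only if FILE exists and its SHA-256 equals the listed value.
hash_matches() {
    sums=$1
    file=$2
    name=$(basename "$file")
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    # sha256sum lists text-mode entries as "name" and binary-mode ones as "*name".
    expected=$(awk -v n="$name" '$2 == n || $2 == "*" n { print $1; exit }' "$sums")
    [ -n "$expected" ] || { echo "no entry for $name in hash list" >&2; return 3; }
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    [ "$expected" = "$actual" ] || { echo "MISMATCH: $name" >&2; return 1; }
    echo "OK: $name"
}

# verify_release SUMS_ASC FILE
# Uses only the text gpg confirms as signed, never the raw .asc contents,
# so lines placed outside the signed region are ignored.
verify_release() {
    tmp=$(mktemp) || return 4
    # On a clearsigned file, --decrypt checks the signature and writes the signed text.
    if gpg --decrypt "$1" > "$tmp" 2>/dev/null; then
        hash_matches "$tmp" "$2"
        rc=$?
    else
        echo "bad or unverifiable signature on $1" >&2
        rc=4
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage: sh verify.sh SHA256SUMS.asc bitcoin-0.8.6-linux.tar.gz
if [ "$#" -eq 2 ]; then
    verify_release "$1" "$2"
fi
```

With this check, the deleted and blank-file cases from the question fail at the second step even though the signature on the hash list is still good.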