Checking source code signatures?

Hey all,

I'm trying to verify the signatures of the downloaded source code for
LLVM-3.5. If I understand correctly, the .sig files should be checked
using a command like

    gpg --verify llvm-3.5.0.src.tar.xz.sig llvm-3.5.0.src.tar.xz

But when I run this, I get an error

    gpg: Can't check signature: public key not found

I've been poking around on but I can't seem to find any
mention of where this key resides or how to get it onto my machine.
It seems like it would be useful to have at least a link to
instructions on how to do this on the downloads page.

Also, if anyone can point me to the key, I'd be happy to write such
documentation once I figure out the process.