You import the operator public key once. After that, every future rotation verifies against the same key on your keyring. This reading covers the one-time import.
Where to fetch the key from
Two independent sources. The pinned Dread profile of the operator carries the public key. Every current WeTheNorth mirror serves the same public key from the /pgp path (accessed after login).
Fetch from both. Cross-check the fingerprint. If they agree, the key is genuine. If they do not agree, at least one source is compromised, and you should not import either key until the situation clarifies.
The import command
Save the operator public key block into a text file called wtn.asc. Run:
gpg --import wtn.asc
The output confirms the import and shows the key ID.
Save the fingerprint
List keys with fingerprint:
gpg --list-keys --with-fingerprint
Copy the fingerprint (40 hex chars in 10 groups of 4). Write it on paper or store it in an encrypted local note. Use it to verify future keyring state (if you ever switch machines, you can confirm the operator key on the new machine matches your stored fingerprint).
Never re-fetch
The whole point of the model is that trust rests on the first key you imported. Re-fetching the key gives an attacker another chance to poison your trust anchor. If you have the key on your keyring, use it. Do not import a new copy.