Sign the dist as the last step before creating the archive. Take care not to modify/regenerate dist meta files or the manifest.

Error: Old SIGNATURE detected. Please inform the module author to regenerate SIGNATURE using Module::Signature version 0.82 or newer. gpg: Signature made Wed 22 May 2013 07:36:09 AM JST gpg: using RSA key 5F1BF8166B9696F4 gpg: Can't check signature: No public key --- SIGNATURE Wed May 22 07:36:09 2013 +++ @@ -3,7 +3,7 @@ SHA1 82e2a8ca991a452e14f1a44adb86efe52c29f7de INSTALL SHA1 4d7a909a641aef78cab40eadb3e6a01244dfa538 LICENSE SHA1 b5c7cd10a53939d901ad60d089e4ec0000faa55f MANIFEST -SHA1 95d0cfc25b9ada32abbd5cdf1d36699f9639db08 MANIFEST.SKIP +SHA1 9ced15c2371875c1973d9e7e159f8f448f379e92 MANIFEST.SKIP SHA1 6e583e56295d358690b9ffe897146afa965568d4 META.json SHA1 78ecc0761dbde97697e1c58c3e6279c28531018f META.yml SHA1 dd0b75df5ff155d4207c3fa9dc6632b35c35020a Makefile.PL ==> MISMATCHED content between SIGNATURE and distribution files! <==