Sign the dist as the last step before creating the archive. Take care not to modify/regenerate dist meta files or the manifest.

Error: WARNING: This key is not certified with a trusted signature! Primary key fingerprint: EC2A AF81 139E CE77 3070 E2A2 A27C DEFC 7B48 38F0 --- SIGNATURE Thu Sep 18 02:04:03 2025 +++ @@ -1,7 +1,7 @@ SHA256 9498e5b77192cda0a3d6956b2b59d42f3c4e7dac3fecabbfc15c002599e77757 Changes SHA256 bae2bbc5bb7f2f432338a4c078b5f5db7ea4ad5aec83edd5234870db8e2d1c5a Currency.pm SHA256 553db1b292757f331d25abe52bd1b57c9deb4e4e9e2512fa4e9972c7b0f6a85f LICENSE -SHA256 4660b3de076eabaf582314ebc45e73c3cea542a313c06847d069e6dda8224e05 MANIFEST +SHA256 b0bafc4d12116d7cba5f40d89c194bbc60c950d7e6e5be9a7341f5670dee72bd MANIFEST SHA256 b4d4c377c6b8686667a6d5b811d42d76de4892a7f84e4c8d243420c845b8193c META.yml SHA256 a35fa790964b38eaac94b8f0c58a3b513ebc7a5480a5577d2d5567e281ab0927 Makefile.PL SHA256 eefe058e4700b4f7f5f84ea4c5080b1ba95a93ca62f17b3309fcd6e9e42b6769 README ==> MISMATCHED content between SIGNATURE and distribution files! <==

Add a META.json to the distribution. Your buildtool should be able to autogenerate it.

Add all modules contained in this distribution to the META.yml field 'provides'. Module::Build or Dist::Zilla::Plugin::MetaProvides do this automatically for you.

Add SECURITY(.pod|md). See Software::Security::Policy.

Add SECURITY(.pod|md) and add a contact address. See Software::Security::Policy.

Add CONTRIBUTING(.pod|md). See https://docs.github.com/en/communities/setting-up-your-project-for-healthy-contributions/setting-guidelines-for-repository-contributors.