Sign the dist as the last step before creating the archive. Take care not to modify/regenerate dist meta files or the manifest.

Error: WARNING: This key is not certified with a trusted signature! Primary key fingerprint: 7C6B 5E9D 1F3F E35F 7A58 83B6 4666 E800 D8A8 E2D9 --- SIGNATURE Thu Jun 25 21:51:44 2020 +++ @@ -1,10 +1,10 @@ SHA256 0f80cd4bfc5ad95a0cfcdc43629c819991431e82f0a4a2dd4edf7d54f3b63d2a ANDK2020.pub SHA256 1847f802a331b202eae02729e828d6b59ef4c6129020660ecd6865b67ec4dfb5 AUDREYT2018.pub SHA256 7de2bf0898f4a1e79d92f9e8ae68e7578eeaaff74211cddc0dfdc7996887cdc1 AUTHORS -SHA256 49689acf04d6d96e424a558ac22e3b491b01a65145ca5c067540e04ad52bf50c Changes +SHA256 52d08b977d9d682e646c013da09ddf5a2702ec2fe06c1b246d7b95f79074693c Changes SHA256 6828a8f4070955a3fc3c83fc324e82bd9b4fc89cac00d1dd53698bd3e297a001 MANIFEST SHA256 093c47e35166ca8f4d6cb4a1d51b436809a4fca4bdb43221bd8fb67adac2e425 MANIFEST.SKIP -SHA256 0fac3c54cc361c8a0c543893f801bc4ce1314d86eaca1c0d4ffc9495f1adb24f META.yml +SHA256 4331ee41e87634f3e3178beab3a2de75fb12fc7d7a4ffc167884746d3a588074 META.yml SHA256 f3e3534a6177a9ebd0875b5c64a3c923a375b34aaec0fbe1e4d16c5a12ac7cd0 Makefile.PL SHA256 c9b4cc9f924857b93a081066bdc7f120e537469c1b605e19c1f07296ac07cfdd NIKLASHOLM2018.pub SHA256 bd9fe086be0b4eacb39dd5e9db2f84b1c30d4f98fcd32864fa2b9e2cb57bb646 PAUSE2020.pub @@ -19,7 +19,7 @@ SHA256 a10f0f4ebb579bae28ec5a372c5b7bcdc07df89aa24c04b502e0d0442230f200 inc/Module/Install/Scripts.pm SHA256 9cf3940ab15fd196c7b147aea3ab3c18d9ec3fdb3eadb238dc50120185cf81e7 inc/Module/Install/Win32.pm SHA256 c6cee30b2053ca28654b3216340169ca97ff2b2bcbb5a1ef7e3b7e3cf593419b inc/Module/Install/WriteAll.pm -SHA256 b3d60bfcf8690d0736c082e34c2ba86506c051395e65965e3ef44aca448b5e5a lib/Module/Signature.pm +SHA256 cc58c9a16dd85df97882955d2573a9d3801b2014233162f025c7479d8a7e6e3b lib/Module/Signature.pm SHA256 51aa9c445c6f54c26fc37d5ec2e42535461eb3a78911ca2516dd1c97e7aa7185 script/cpansign SHA256 286fda83531d99b34e214b0058ba806a38bdb6317fc3c6ca2f7c5a9840f1c092 t/0-signature.t SHA256 9be1e82eed0cb08514d2e3654b1396a23e5dd89ca8a5e67788ac6492697a5ce3 t/1-basic.t ==> MISMATCHED content between SIGNATURE and distribution files! <==

Add a META.json to the distribution. Your buildtool should be able to autogenerate it.

Add 'use warnings' (or its equivalents) to all modules, or convince us that your favorite module is well-known enough and people can easily see the modules warn when something bad happens.

Error: Module::Signature

Add all modules contained in this distribution to the META.yml field 'provides'. Module::Build or Dist::Zilla::Plugin::MetaProvides do this automatically for you.

This is not a critical issue. Currently mainly informative for the CPANTS authors. It might be removed later.