Sign the dist as the last step before creating the archive. Take care not to modify/regenerate dist meta files or the manifest.

Error: Old SIGNATURE detected. Please inform the module author to regenerate SIGNATURE using Module::Signature version 0.82 or newer. gpg: Signature made Thu 18 Feb 2010 12:05:26 AM JST gpg: using DSA key 122F5DF7108E4046 gpg: Can't check signature: No public key ==> BAD/TAMPERED signature detected! <==

Add a META.json to the distribution. Your buildtool should be able to autogenerate it.

Add a 'repository' resource to the META.yml via 'meta_add' accessor (for Module::Build) or META_ADD parameter (for ExtUtils::MakeMaker).

This is not a critical issue. Currently mainly informative for the CPANTS authors. It might be removed later.