Subject: | Signature fails to verify |
As per subject. Indicative is that META.yml has a timestamp after SIGNATURE:
% ls -l SIGNATURE META.yml
-rw-r--r-- 1 sand sand 583 2014-04-02 22:30:53 META.yml
-rw-r--r-- 1 sand sand 2640 2014-04-02 22:30:32 SIGNATURE
% /home/sand/src/perl/repoperls/installed-perls/host/k93x64sid/v5.25.12/29a8/bin/cpansign -v
Executing gpg --verify --batch --no-tty --keyserver=hkp://pool.sks-keyservers.net:11371 --keyserver-options=auto-key-retrieve /tmp/cdhG0PMCtE
gpg: Signature made Wed 02 Apr 2014 10:30:29 PM CEST
gpg: using RSA key 176D68BDF01AD228
gpg: Good signature from "Sam Vilain <sam@vilain.net>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: BDDE 893A 84B4 53F3 81FE 3034 176D 68BD F01A D228
--- SIGNATURE Wed Apr 2 22:30:32 2014
+++ (current) Tue May 9 11:48:08 2017
@@ -1,6 +1,6 @@
SHA1 566c4a39f138f573e0180135ebd5ccb65c3c0c43 Changes.pod
SHA1 41236ad9cb13c0abf09d7dc8d8b93b9c4e215c1c MANIFEST
-SHA1 a6b58872fa78436fe38ae7417e409c52f3b6d9f7 META.yml
+SHA1 28580ce20f179505c4c541806318db4df849a972 META.yml
SHA1 0fa9575de5e9a121ca074b68aae2d669909f3a74 Makefile.PL
SHA1 260379dc3c27fc8aa6e64273b0b94580fda0750d README
SHA1 f224f94e8c664df8970684fc09837d3aa4769a3a lib/Scriptalicious.pm
==> MISMATCHED content between SIGNATURE and distribution files! <==
HTH&&Thanks,