Bug #61053 for Digest-JHash: Invalid SIGNATURE file from older release

% cpansign -v [CPANSHELL] Executing gpg --verify --batch --no-tty --keyserver=hkp://pool.sks-keyservers.net:11371 --keyserver-options=auto-key-retrieve SIGNATURE gpg: Signature made Fri 06 Jun 2008 03:15:15 PM CEST using RSA key ID 439C5533 gpg: Good signature from "Dr James Freeman (tachyon) <airmedical@gmail.com>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 0C98 9EA1 06A9 7332 7BF0 CE08 9E0C B605 439C 5533 --- SIGNATURE 2008-06-06 15:15:23.000000000 +0200 +++ - 2010-09-04 08:31:35.113685013 +0200 @@ -34,6 +34,26 @@ SHA1 b5280719d86dcda716c79e1e5c9592425a888ed3 t/pod_coverage.t -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) +SHA1 b8f680e68f64b979136e801ebee0814825194912 Changes +SHA1 9a3c4a096e94d38aae3ae3c94dca598123bd67ae JHash.xs +SHA1 f60fe46939423d71dbfde81b5352bb60bb7151d0 MANIFEST +SHA1 04d8e918cf9b5da15d9f3a8c073ee29e1b2c3f0e META.yml +SHA1 bdb56cf7eda7ea5235c76c1317eda9c8ca382fab Makefile.PL +SHA1 23ba39bf5a130f18440559e6ae24cd2e5bfac880 README +SHA1 c61feb168d68aa03110344bc534a4615b5e4ede1 examples/jhash.pl +SHA1 765dbbae4f3e52a75e246da1f0f1de6c0f2b2ca9 examples/oo_vs_func.pl +SHA1 3335b34c8200680f604ecd2eeea68443d6865d2e html/JHash.html +SHA1 d90c797dc2c8eba2986207094b1ea8ec084008d9 html/docs.css +SHA1 7aaa409a652d30a775e29a7a187bea55c8cdcce7 lib/Digest/JHash.pm +SHA1 e025dfa24a881d66b0b2e4074d7dec859e14811e misc/kwalitee.t +SHA1 caeefb74df20ef182263a30796d1fe21826d43e2 misc/make_manifest.pl +SHA1 74440f42d3c5784eb32b5f9dc60c9de277092796 misc/mkdist.bat +SHA1 8e8ace77d3b6013fcbc9fcad5191f3a37df59c3c misc/spelling.t +SHA1 60719436aa8f28602e5bdb8efb6b30cc12581727 t/jhash.t +SHA1 af1136d14010cbb2bfde90acc9c345ce188bf0fb t/pod.t +SHA1 b5280719d86dcda716c79e1e5c9592425a888ed3 t/pod_coverage.t +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.9 (MingW32) iJwEAQECAAYFAkhJOGMACgkQngy2BUOcVTM5NQP/agZ/Fa6Wj1EA3+QHztwo+lhG nssnfwngVdxj/EMfnKREaOKfOWqvKp6R9rjG2NxZfQ7mZJceWxgDrsGV73m/RmFK ==> MISMATCHED content between SIGNATURE and distribution files! <== I looked up the SIGNATURE file of JFREEMAN/Digest-JHash-0.05.tar.gz and it was the same. Could you please sign the distro or otherwise remove the SIGNATURE completely? Thanks!