Invalid signature on distribution file RRWO/Const-Exporter-v1.3.0.tar.gz #16

@andk

>sand@k93msid:~% tar tvvzf /home/ftp/pub/PAUSE/authors/id/R/RR/RRWO/Const-Exporter-v1.3.0.tar.gz| grep SECURITY
-rw-r--r-- rr/rr          3511 2024-12-29 18:12 Const-Exporter-v1.3.0/SECURITY.md
-rw-r--r-- rr/rr          3510 2024-12-29 18:12 Const-Exporter-v1.3.0/#SECURITY.md#

Because of this second listed file, the signature verification fails with:

% cpansign -v
Executing gpg --verify --batch --no-tty --keyserver=hkp://keyserver.ubuntu.com:11371 --keyserver-options=auto-key-retrieve /tmp/Lpikwfa6d8
gpg: Signature made Sun 29 Dec 2024 06:12:04 PM CET
gpg:                using RSA key 788C2AECF7F27F1B6CB2BE671E65AB7181830BAC
gpg: Good signature from "Robert Rothenberg (CPAN) <rrwo@cpan.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 788C 2AEC F7F2 7F1B 6CB2  BE67 1E65 AB71 8183 0BAC
Not in MANIFEST: #SECURITY.md#
==> MISMATCHED content between MANIFEST and distribution files! <==
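
The comparison behind the "Not in MANIFEST" line, as an added example that is not part of the original report and is not cpansign's own code: a pre-upload check that lists a tarball's files against the MANIFEST it ships and flags editor residue such as `#SECURITY.md#`. The function names, the simplified MANIFEST parser, the residue patterns and the in-memory sample tarball (including the placeholder `lib/Example.pm`) are assumptions; no signature or digest is verified here.

```python
import io
import re
import tarfile

# Editor residue: Emacs auto-save/lock (#name#, .#name), backups (name~), Vim swap.
RESIDUE = re.compile(r"#.*#|\.#.*|.*~|\..*\.sw[a-p]")

def read_manifest(text):
    """Names listed in MANIFEST text (simplified: no quoted names)."""
    lines = (ln.strip() for ln in text.splitlines())
    # First token is the name; the rest of the line is a comment.
    return {ln.split()[0] for ln in lines if ln and not ln.startswith("#")}

def audit_dist(tar_bytes):
    """Compare the regular files in a .tar.gz with the MANIFEST it ships."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:gz") as tar:
        # Drop the leading "Dist-Name-version/" directory from each member.
        files = {m.name.split("/", 1)[1]: m
                 for m in tar.getmembers() if m.isfile() and "/" in m.name}
        if "MANIFEST" not in files:
            raise ValueError("distribution has no MANIFEST")
        listed = read_manifest(tar.extractfile(files["MANIFEST"]).read().decode())
    present = set(files)
    return {
        "not_in_manifest": sorted(present - listed),
        "missing_from_dist": sorted(listed - present),
        "editor_residue": sorted(
            n for n in present if RESIDUE.fullmatch(n.rsplit("/", 1)[-1])),
    }

def build_sample():
    """Constructed tarball shaped like the listing in the report."""
    content = {
        "MANIFEST": "MANIFEST\nSECURITY.md\nlib/Example.pm\n",
        "SECURITY.md": "constructed\n",
        "#SECURITY.md#": "constructed\n",
        "lib/Example.pm": "1;\n",  # placeholder path, not from the report
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, body in content.items():
            data = body.encode()
            info = tarfile.TarInfo("Const-Exporter-v1.3.0/" + name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

if __name__ == "__main__":
    print(audit_dist(build_sample()))
```

Run against a release tarball before upload, any non-empty `not_in_manifest` or `editor_residue` entry means the archive was built from a working directory that held files the MANIFEST does not cover.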
