Upgrading from 3.6.0 to 3.8.1 - cpansign -v fails - GnuPG::Interface and Module::Versions::Report

Hi.

I’m going through the “make fixdeps” step of an upgrade to 3.8.1, and I’m
running into problems installing/upgrading two perl modules.

Here’s what “make testdeps” reports:

SOME DEPENDENCIES WERE MISSING.
GPG missing dependencies:
GnuPG::Interface…MISSING
CORE missing dependencies:
Module::Versions::Report >= 1.05…MISSING
Module::Versions::Report version 1.05 required–this is only
version 1.02
make: *** [testdeps] Error 1

I can’t manage to install/upgrade those perl modules, because their GPG
signatures are not properly verifying.

Here’s what cpansign -v reports for Module-Versions-Report-1.05:

Executing gpg --verify --batch --no-tty --keyserver=hkp://pgp.mit.edu:11371
–keyserver-options=auto-key-retrieve SIGNATURE
gpg: Signature made Fri Jun 13 15:30:32 2008 EDT using DSA key ID 108E4046
gpg: Good signature from "Jesse Vincent jesse@cpan.org"
gpg: aka "Jesse Vincent jesse@fsck.com"
gpg: aka "Jesse Vincent jesse@bestpractical.com"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: AB4A 62CF 1A1A 119A 0462 39D6 122F 5DF7 108E 4046
— SIGNATURE 2008-06-13 15:30:34.000000000 -0400
+++ - 2008-10-16 22:19:33.048637000 -0400
@@ -17,7 +17,7 @@
SHA1 bab979585b69021cd5060cc9d961382dee57c852 ChangeLog
SHA1 5100a6effb9d891380cdef4568fd1b76256374a1 MANIFEST
SHA1 b06a8885d1afbe56e1601b4950784b2dfc0a5208 MANIFEST.SKIP
-SHA1 f989d5dce8c4cabe64fb945934be60116750ef8e META.yml
+SHA1 96306e2dbb0a716c928f66f0b9eb3492caad0416 META.yml
SHA1 13483ba20165e50ad24143c1a8a017f83bffe094 Makefile.PL
SHA1 c1ef7c52be72b6f5c504fdc57bf5b8e438f80193 README
SHA1 6d28fb26b7ebffb34df6363e8671cd1dc74ae917 lib/Module/Versions/Report.pm
==> MISMATCHED content between SIGNATURE and distribution files! <==

and here’s what I get for cpansign -v for GnuPG-Interface-0.36:

Executing gpg --verify --batch --no-tty --keyserver=hkp://pgp.mit.edu:11371
–keyserver-options=auto-key-retrieve SIGNATURE
gpg: Signature made Mon Aug 13 12:25:15 2007 EDT using DSA key ID 108E4046
gpg: Good signature from "Jesse Vincent jesse@cpan.org"
gpg: aka "Jesse Vincent jesse@fsck.com"
gpg: aka "Jesse Vincent jesse@bestpractical.com"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: AB4A 62CF 1A1A 119A 0462 39D6 122F 5DF7 108E 4046
— SIGNATURE 2007-08-13 12:25:15.000000000 -0400
+++ - 2008-10-16 22:21:03.929275000 -0400
@@ -16,7 +16,8 @@

SHA1 187c2cfc1fc31d42c18d5b1653afa1a905bf266c COPYING
SHA1 5df20960703ba8651c67f36ed4ed601e0d0d4406 ChangeLog
-SHA1 ae07f475fb7a1668d2ffcfe090f99961ddb77d41 MANIFEST
+SHA1 9da791ec2e2601cd2ec44553c319820ef4de6c0d MANIFEST
+SHA1 ed72de33d3749888766ced62d18d95df9ad7e74d META.yml
SHA1 7beeb96d32ce9fd224db1fe25052960fe640c464 Makefile.PL
SHA1 d6e32c5128419cdbfe6e6f846ff7f64fc0adac2f NEWS
SHA1 1047dc54823b1321e939274dd261d8e40febee24 README
==> MISMATCHED content between SIGNATURE and distribution files! <==

Both modules were downloaded from CPAN today, October 16.

Jesse, I know you’re a frequent poster to this list, so I’m hoping you can give
me some clues here.

Thank you all for your time.

Todd Herr