Anyway, your use of ActiveState tools seems to have created an upload package in which the unix-style permissions on directories and files allow "group" and "other" users to alter/add/replace file and directory contents. I've seen this sort of result whenever people upload stuff from a windows system to a unix/linux server, and I'm guessing that's the problem.

Check the manual for whatever tool you use to create the uploaded package file (tar? zip?); there should be an option to control the unix-style file permissions (even though you are working from a Windows box). Make sure the permissions come out looking like "rwxr-xr-x" for directories and executable files, and "rw-r--r--" for other files.

(If you are using "tar", run "tar tvf your_file.tar" to see how the permissions look.)

The only difference between this and the last version is that I did

It may not be a difference in what you did. I believe this security problem surfaced recently (but I can't find the link) and therefore the message could be the result of a recent change to PAUSE. Address the issue stated in the message rather than trying to figure out what you did different.

Update: Below, brian d foy posted the aforementioned link I couldn't find: Dealing with World-writable Files in the Archive of CPANDistributions. He also confirmed my suspicions that this is a recent change.

It's not a bug in PAUSE, it's a new feature. PAUSE doesn't attempt to change any distributions. It doesn't index them if they'd unwrap with world-writeable bits. This is designed to keep these distributions from being downloaded until the author can fix them.

--
brian d foy <brian@stonehenge.com>
Subscribe to The Perl Review

This is a change to the PAUSE indexer. It's no longer indexing things that are world-writeable. See the recent threads on the perl-qa list, especially Dealing with World-writable Files in the Archive of CPANDistributions, as well as the discussion on use.perl.

The fix is to find out which tar you are using and how to set its default permissions, even if you are on Windows. Although Windows doesn't have the idea of unixy permissions, the things it tars up untar in certain ways on Unix.

Good luck, :)

tar (GNU tar) 1.13.19
Copyright 2001 Free Software Foundation, Inc.
This program comes with NO WARRANTY, to the extent permitted by law.
You may redistribute it under the terms of the GNU General Public Lice
+nse;
see the file named COPYING for details.
Written by John Gilmore and Jay Fenlason.
[download]

Many thanks.

Using ExtUtils::MakeMaker if you add:

    dist         => {TARFLAGS => '--create --verbose --mode=0700 --fil
+e '},
[download]

the the WriteMakefile call and use GNU tar 1.13 or later the permissions are set correctly. GNU tar 1.13 is available at time of posting from http://gnuwin32.sourceforge.net/packages.html.