Well, based on the above, I'd say it depends. Do you trust that this is the correct PAUSE key? If not, don't sign it. If so, sign it. What may help is to look at the key and see who else has signed it. Of course, that depends on you trusting that those others really did sign it, and it wasn't merely signed by some guy pretending to be merlyn or TimToady or whatever.
Personally, without finding a method to validate the fingerprint against a site that I do trust, I wouldn't sign it. And that's partly because, let's be honest here, you're no worse off than you were before this whole signing thing started. You trusted that CPAN authors weren't trying to hose your system by faking some code that looks like it's doing something useful, but actually is opening a hole in your security. And, with signing, all that does is prove that the person holding the private key (whoever that is) actually wrote that hole in your security. It has not increased your security significantly. But it does prevent tampering - if you get a patched module, the signature won't match anymore, and you'll know it, whether you trust the signature or not. Well, as long as you continue to read the warnings/run the tests. And I doubt that PAUSE is signing the modules (other than CPAN) anyway, so you'd actually still get the unknown warnings from new modules.
[reply]
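To make the tampering point above concrete, here is an added example (my own, not code from the thread or from Module::Signature) that checks the digest list a CPAN-style SIGNATURE file carries against the files of a distribution, then applies a "patch" to one module file and shows the check failing. It assumes the Module::Signature line format "SHA1 <hex> <path>" / "SHA256 <hex> <path>" for the digest lines and uses a small constructed distribution held in memory so it runs offline; the distribution, file names and contents are made up for the example. It deliberately does not verify the OpenPGP signature wrapped around that digest list; that is gpg's job (gpg --verify SIGNATURE), and it is the only step that ties the digests to whoever holds the private key, which is exactly the distinction the post draws.

```python
"""Added example (not from the original thread): check a CPAN-style
SIGNATURE digest list against a distribution's files and show that a
patched file no longer matches.

Assumptions (not taken from the thread):
- Digest lines look like Module::Signature's "SHA1 <hex> <path>" or
  "SHA256 <hex> <path>"; any other line is ignored.
- The distribution is a dict of path -> bytes, constructed inline, so
  the example runs offline.
The OpenPGP signature over the SIGNATURE file itself is NOT checked
here; that is gpg's job (gpg --verify SIGNATURE), and it is what ties
the digest list to a key holder. Without it an attacker who patches a
file can simply regenerate the digest lines.
"""
import hashlib
import re

# One digest line per file: algorithm, hex digest, path.
DIGEST_LINE = re.compile(r"^(SHA1|SHA256)\s+([0-9a-fA-F]+)\s+(\S.*)$")


def parse_signature_digests(signature_text):
    """Return {path: (algo, hexdigest)} from the digest lines."""
    digests = {}
    for line in signature_text.splitlines():
        m = DIGEST_LINE.match(line.strip())
        if m:
            algo, hexd, path = m.groups()
            digests[path] = (algo.lower(), hexd.lower())
    return digests


def digest_lines(dist, algo="sha256"):
    """Produce the digest lines for a distribution; this is the part a
    signer would then clearsign with gpg to make a real SIGNATURE file."""
    lines = []
    for path in sorted(dist):
        h = hashlib.new(algo, dist[path]).hexdigest()
        lines.append(f"{algo.upper()} {h} {path}")
    return "\n".join(lines) + "\n"


def verify_digests(signature_text, dist):
    """Compare every listed digest against the file contents.
    Returns (ok, problems); problems is a list of human-readable issues
    (mismatch, missing file, or a file that was never signed)."""
    expected = parse_signature_digests(signature_text)
    problems = []
    for path, (algo, hexd) in expected.items():
        if path not in dist:
            problems.append(f"missing file: {path}")
            continue
        actual = hashlib.new(algo, dist[path]).hexdigest()
        if actual != hexd:
            problems.append(f"digest mismatch: {path}")
    for path in dist:
        if path not in expected and path != "SIGNATURE":
            problems.append(f"unsigned file: {path}")
    return (not problems, problems)


# Constructed sample distribution (not a real CPAN module).
ORIGINAL = {
    "MANIFEST": b"Changes\nlib/Example/Widget.pm\nMANIFEST\nSIGNATURE\n",
    "Changes": b"0.01  first release\n",
    "lib/Example/Widget.pm": (
        b"package Example::Widget;\n"
        b"sub new { bless {}, shift }\n"
        b"1;\n"
    ),
}
SIGNATURE_TEXT = digest_lines(ORIGINAL)


def tampered_copy():
    """The same distribution after someone 'patches' the module source."""
    dist = dict(ORIGINAL)
    dist["lib/Example/Widget.pm"] = (
        ORIGINAL["lib/Example/Widget.pm"] + b'system("id");\n'
    )
    return dist


if __name__ == "__main__":
    print(SIGNATURE_TEXT)
    print("original:", verify_digests(SIGNATURE_TEXT, ORIGINAL))
    print("patched: ", verify_digests(SIGNATURE_TEXT, tampered_copy()))
```

Running it prints the digest lines, then (True, []) for the untouched distribution and (False, ['digest mismatch: lib/Example/Widget.pm']) for the patched one. The digest comparison is what catches a modified module; whether the digest list itself came from the author is a separate question answered only by the gpg verification of the SIGNATURE file and by whether you trust that key, which is the thread's whole point.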
I would imagine that's with the "gpg --lsign-key 450F89EC" command that you captured from when it imported the key. Though I usually use the tools built into KDE, and run kgpg to allow me point-and-click access :-)
[reply]