The multistep requires should not be there - did you generate these through the APM? I've not seen this before. Having them there will just slow down the resolution of dependencies when the APM goes to load the package on user sites and while I sped it up tremendously over the summer, there's no reason to needlessly slow it down!
The CVS problem (no write perms) crops up on occasion and I don't think any of us has figured out why. It's annoying.