All,
Based on this warning from the GPG maven plugin page [0]:
Issue with invalid signatures on the pom files
Maven 2.0.5 fixes a problem where the pom files would end up changing
between signing them and deploying them. If the signatures on the pom
files are invalid, make sure you upgrade to Maven 2.0.5.
It appears those performing releases of Pluto should be using Maven 2.0.5.
It appears that if you use the GPG plugin with Maven 2.0.4, there is a
chance that artifacts deployed to the repository will have invalid
signatures.
Elliot
[0]:
http://maven.apache.org/plugins/maven-gpg-plugin/examples/deploy-signed-artifacts.html
