This is just a warning that the Maven team has just discovered an interaction problem between Maven 2.1 and the maven-gpg-plugin that CAN result in the signatures for the installed/deployed poms being invalid. Signatures for the other artifacts (jars, wars, etc..) are unaffected and not all poms are affected.
Thus, at this point, it's advisable to either use Maven 2.0.10 for releases or verify, check, and resign any affected poms. The Maven team is aware of the situation and is working on a fix. At this point, it's too early to determine if this will require changes to Maven 2.1.x or to the gpg plugin to fix this. However, we felt it was important to get the information out to the users as quickly as possible. -- Daniel Kulp dk...@apache.org http://www.dankulp.com/blog
signature.asc
Description: This is a digitally signed message part.