To use it you need to enable the profile and set the passphrase:
mvn -Psign-artifacts -Dpassphrase=thephrase
I've done a little bit more testing and so far so good. Let me know
if you run into any problems.
--jason
FYI, I added a new goal 'gpg-sign-attached' which will use GnuPG to
sign all of the attached artifacts, and then attach the signature for
install/deploy.
