I saw a thread here http://maven.40175.n5.nabble.com/Maven-gpg-plugin-stuck-while-signing-td3353545.html and thought I'd post a couple of experiences.
The maven gpg plugin invokes the gpg (or gpg.exe - on windows) command. If you set use-agent in your configuration to true, gpg will run another "agent" program under the covers to pop-up a window asking for your passphrase. This has the advantage that the agent "remembers" your passphrase for some time (~5 min) so if the gpg signing plugin is run on multiple things, or multiple times, the agent doesn't keep asking you over and over for your passphrase. On windows, if you install the http://www.gpg4win.org/ version of gpg, it always runs the agent. With this approach, you don't need to modify any release profiles to run in no-fork mode (see that nabble thread above). This is all described in our one-time-setup for release managers, here: http://uima.apache.org/one-time-release-setup.html -Marshall
