vanilla `mvn install` should not use GPG

[DDvO]

On updating to the latest version 4.1.2, I got

[INFO] --- gpg:3.1.0:sign (sign-artifacts) @ CmpRaComponent ---
[INFO] Signing 6 files with default secret key.
gpg: directory '/Users/david/.gnupg' created
gpg: no default secret key: No secret key
gpg: signing failed: No secret key
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------

I see little point in signing the artifact(s) in a regular build or installation for normal users.

[DDvO]

And retrying after generating a dummy key, I got:

[INFO] --- gpg:3.1.0:sign (sign-artifacts) @ CmpRaComponent ---
[INFO] Signing 6 files with default secret key.
gpg: signing failed: Inappropriate ioctl for device
gpg: signing failed: Inappropriate ioctl for device
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  9.692 s
[INFO] Finished at: 2024-04-08T14:41:57+02:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-gpg-plugin:3.1.0:sign (sign-artifacts) on project CmpRaComponent: Exit code: 2 -> [Help 1]

[DDvO]

Just found this workaround: -Dgpg.skip

[Akretsch]

The different styles of building and deploying shall be documented and referred by the toplevel README.md?

[DDvO]

Yes, please.
And maybe better not use GPG by default?