civodul pushed a commit to branch master
in repository maintenance.
commit b4975565eea97b7e44d66252df22d8925d738406
Author: Ludovic Courtès <[email protected]>
AuthorDate: Fri Nov 12 23:15:31 2021 +0100
icse-2022: Fix typos.
---
doc/icse-2022/supply-chain.skb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/doc/icse-2022/supply-chain.skb b/doc/icse-2022/supply-chain.skb
index 2bbc6e1..4fc1852 100644
--- a/doc/icse-2022/supply-chain.skb
+++ b/doc/icse-2022/supply-chain.skb
@@ -428,7 +428,7 @@ metadata such as references to the latest commit of a
branch, is ,(emph
'torresarias2016:omitting).])
(p [Git supports ,(emph [signed commits]). A signed commit
-includes an additional header containing as ASCII-armored OpenPGP
+includes an additional header containing an ASCII-armored OpenPGP
signature computer over the other headers of the commit. By signing a
commit, a Guix developer asserts that they are the one who made the
commit; they may be its author, or they may be the person who applied
@@ -998,7 +998,7 @@ artifacts created by a step cannot be altered before the
next step.])
(p [Thanks the functional deployment model, Guix has end-to-end
control over artifact flow, from source code to binaries delivered to
users. Complete provenance tracking gives anyone the ability to ,(emph
-[verify]) the source-to-binary tracking, or to simply not use the
+[verify]) the source-to-binary mapping, or to simply not use the
project’s official binaries, as discussed in ,(numref :text [Section]
:ident "background"). Conversely, in-toto’s approach to artifact flow
integrity assumes a relative disconnect between steps that makes
