civodul pushed a commit to branch master
in repository maintenance.
commit 4cea83682bde8a686b2c6b454dcf7b3b6798bfcb
Author: Ludovic Courtès <[email protected]>
AuthorDate: Wed Apr 13 08:01:04 2022 +0200
programming-2022: Fix typos.
* doc/programming-2022/supply-chain.skb (Related Work): Fix typos.
---
doc/programming-2022/supply-chain.skb | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/doc/programming-2022/supply-chain.skb
b/doc/programming-2022/supply-chain.skb
index 2d2bf73..2e37095 100644
--- a/doc/programming-2022/supply-chain.skb
+++ b/doc/programming-2022/supply-chain.skb
@@ -1246,7 +1246,7 @@ verify whether a given commit is signed by a key that was
authorized at
the time of signature. Another shortcoming is that the recommended
method to update one’s local copy of the package repository is ,(emph
[not]) Git but instead the rsync file synchronization protocol together
-with OpenPGP signatures of the files made with special-purpose a release
+with OpenPGP signatures of the files made with a special-purpose release
key.])
(p [Developers of OPAM, the package manager for the OCaml
@@ -1254,14 +1254,14 @@ language, adapted TUF for use with their Git-based
package repository,
later updated to write Conex ,(ref :bib 'mehnert2016:conex), a separate
tool to authenticate OPAM repositories. OPAM like Guix is a
source-based distribution and its package repository is a Git repository
-containing “build recipe”. To date, it appears that ,(tt [opam update])
+containing “build recipes”. To date, it appears that ,(tt [opam update])
itself does not authenticate repositories though; it is up to users and
developers to run Conex.])
(p [,(bold [Supply chain integrity.])
The in-toto framework ,(ref :bib 'torresarias2019:intoto) can be thought of as
a
generalization of TUF; it aims at ensuring the integrity of complete
-software supply chains, taking into accounts the different steps that
+software supply chains, taking into account the different steps that
comprise software supply chains in widespread use such as Debian’s. In
particular, it focuses on ,(emph [artifact flow integrity])—that
artifacts created by a step cannot be altered before the next step.])
