fix: spelling errors

This commit is contained in:
Anton Livaja 2024-04-07 11:31:28 -04:00
parent f3a6e6c472
commit 911dff8fa7
Signed by: anton
GPG Key ID: 44A86CFF1FDF0E85
1 changed files with 4 additions and 4 deletions

View File

@ -5,7 +5,7 @@ The simple multisig toolchain for git repos.
## Features
* Attach any number of signatures to any given git ref
* Verify git history contains a minimum threshold of unique commit siguatures
* Verify git history contains a minimum threshold of unique commit signatures
* Verify signatures belong to a defined GPG alias group
* Verify code changes made since last time minimum valid signatures were present
* Allow user to manually verify new keys and add to alias groups on the fly
@ -129,7 +129,7 @@ In spite of many popular claims to the contrary, PGP is still the most well
supported protocol for distribution, verification, and signing for keys held
by individual humans. It is also the only protocol with wide HSM support
allowing you to keep keys out of system memory and require physical approval
for each operation. E.G a trezor, ledger, yubikey, etc.
for each operation. E.G a trezor, ledger, YubiKey, etc.
Admittedly the GnuPG codebase itself is a buggy dated mess, but PGP as a spec
is still Pretty Good for many use cases. A recent modern rewrite by a number
@ -156,7 +156,7 @@ See: [The Update Framework](https://theupdateframework.io)
Openssl has HSM support via OpenSC that is fairly well supported via PKSC#11.
Contributions suggesting this an alterantive backend to OpenPGP are welcome,
Contributions suggesting this an alternative backend to OpenPGP are welcome,
however they would have to also come with methods for key discovery and pinned
key groups via configuration files of some kind.
@ -168,6 +168,6 @@ These alternatives have poor if any support for HSM workflows and thus put
private keys at too much risk of theft or loss to recommend for general use at
this time.
That said, verifying folders/repos that use these methods is certianly of value
That said, verifying folders/repos that use these methods is certainly of value
and contributions to support doing this on systems where those tools are
available are welcome.