fix: spelling errors
This commit is contained in:
parent
f3a6e6c472
commit
911dff8fa7
|
@ -5,7 +5,7 @@ The simple multisig toolchain for git repos.
|
|||
## Features
|
||||
|
||||
* Attach any number of signatures to any given git ref
|
||||
* Verify git history contains a minimum threshold of unique commit siguatures
|
||||
* Verify git history contains a minimum threshold of unique commit signatures
|
||||
* Verify signatures belong to a defined GPG alias group
|
||||
* Verify code changes made since last time minimum valid signatures were present
|
||||
* Allow user to manually verify new keys and add to alias groups on the fly
|
||||
|
@ -129,7 +129,7 @@ In spite of many popular claims to the contrary, PGP is still the most well
|
|||
supported protocol for distribution, verification, and signing for keys held
|
||||
by individual humans. It is also the only protocol with wide HSM support
|
||||
allowing you to keep keys out of system memory and require physical approval
|
||||
for each operation. E.G a trezor, ledger, yubikey, etc.
|
||||
for each operation. E.G a trezor, ledger, YubiKey, etc.
|
||||
|
||||
Admittedly the GnuPG codebase itself is a buggy dated mess, but PGP as a spec
|
||||
is still Pretty Good for many use cases. A recent modern rewrite by a number
|
||||
|
@ -156,7 +156,7 @@ See: [The Update Framework](https://theupdateframework.io)
|
|||
|
||||
Openssl has HSM support via OpenSC that is fairly well supported via PKSC#11.
|
||||
|
||||
Contributions suggesting this an alterantive backend to OpenPGP are welcome,
|
||||
Contributions suggesting this an alternative backend to OpenPGP are welcome,
|
||||
however they would have to also come with methods for key discovery and pinned
|
||||
key groups via configuration files of some kind.
|
||||
|
||||
|
@ -168,6 +168,6 @@ These alternatives have poor if any support for HSM workflows and thus put
|
|||
private keys at too much risk of theft or loss to recommend for general use at
|
||||
this time.
|
||||
|
||||
That said, verifying folders/repos that use these methods is certianly of value
|
||||
That said, verifying folders/repos that use these methods is certainly of value
|
||||
and contributions to support doing this on systems where those tools are
|
||||
available are welcome.
|
||||
|
|
Loading…
Reference in New Issue