From dbd7e27d6987d44d1b38b03b31c399305dde9467 Mon Sep 17 00:00:00 2001 From: Vladimir Diaz Date: Sun, 25 Jan 2015 18:42:02 -0500 Subject: [PATCH] Fix for issue #260 Fixed the typographical errors in SECURITY.md reported by @hartwork. Thank you for the suggestions, Sebastian. --- SECURITY.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index be58249d2e..6e187802a3 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -24,7 +24,7 @@ The following are some of the known attacks on software update systems, includin * **Malicious mirrors preventing updates**. An attacker in control of one repository mirror is able to prevent users from obtaining updates from other, good mirrors. -* **Vulnerability to key compromises**. At attacker who is able to compromise a single key or less than a given threshold of keys can compromise clients. This includes relying on a single online key (such as only being protected by SSL) or a single offline key (such as most software update systems use to sign files). +* **Vulnerability to key compromises**. An attacker who is able to compromise a single key or less than a given threshold of keys can compromise clients. This includes relying on a single online key (such as only being protected by SSL) or a single offline key (such as most software update systems use to sign files). ##Design Concepts @@ -55,7 +55,7 @@ File integrity is important both with respect to single files as well as collect ## Freshness -As software updates often fix security bugs, it is important that software update systems be able to obtain the latest versions of files that are available. An attacker may want to trick a client into installing outdated versions of software or even just convince a client that no updates are available. +As software updates often fix security bugs, it is important for software update systems to be able to obtain the latest versions of files that are available. An attacker may want to trick a client into installing outdated versions of software or even just convince a client that no updates are available. Ensuring freshness means to: