Fix typos in PEP 480 (#1241)

Signed-off-by: Sumana Harihareswara <sh@changeset.nyc>
Sumana Harihareswara 2019-11-26 22:46:04 -05:00 committed by Guido van Rossum
parent 337a9ce0d0
commit c36e6e7218
1 changed files with 10 additions and 9 deletions


@ -608,18 +608,19 @@ responsible only for mirroring PyPI. The mirrors can be checked against one
another to detect accidental or malicious failures.
Another approach is to periodically generate the cryptographic hash of
*snapshot* and tweet it. For example, upon receiving the tweet, a user comes
forward with the actual metadata and the repository maintainers are then able
to verify metadata's cryptographic hash. Alternatively, PyPI may periodically
archive its own versions of *snapshot* rather than rely on externally provided
metadata. In this case, PyPI SHOULD take the cryptographic hash of every
package on the repository and store this data on an offline device. If any
package hash has changed, this indicates an attack has occurred.
each *snapshot* and tweet it. For example, upon receiving the tweet, a
user comes forward with the actual metadata and the repository
maintainers are then able to verify the metadata's cryptographic hash.
Alternatively, PyPI may periodically archive its own versions of
*snapshots* rather than rely on externally provided metadata. In this
case, PyPI SHOULD take the cryptographic hash of every package on the
repository and store this data on an offline device. If any package
hash has changed, this indicates an attack has occurred.
Attacks that serve different versions of metadata or that freeze a version of a
package at a specific version can be handled by TUF with techniques such as
implicit key revocation and metadata mismatch detection [2]_.
n
Key Compromise Analysis
=======================
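Review bot: in the rewritten sentence "PyPI may periodically archive its own versions of *snapshots* rather than rely on externally provided metadata", pluralizing the italicized role name to *snapshots* is inconsistent with the rest of the hunk and the PEP, which use *snapshot* as the name of a single TUF metadata file (see "the cryptographic hash of each *snapshot*" three lines earlier). Suggest keeping the role name singular and pluralizing the noun instead, e.g. "archive its own versions of the *snapshot* metadata", so the emphasis still refers to the file the text defines elsewhere. The other changes in the hunk ("each *snapshot*", "verify the metadata's cryptographic hash") are genuine grammar fixes, but note that reflowing the whole paragraph to a narrower width turns a two-word fix into an eight-line replacement, which makes the typo fix harder to review and to blame later; consider restricting the diff to the lines whose wording actually changes.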
@ -642,7 +643,7 @@ attacks, or metadata inconsistency attacks.
| Role Compromise | Malicious Updates | Freeze Attack | Metadata Inconsistency|
| | | | Attacks |
+===================+===================+=======================+=======================+
| timetamp | NO | YES | NO |
| timestamp | NO | YES | NO |
| | snapshot and | limited by earliest | snapshot needs to |
| | targets or any | root, targets, or bin | cooperate |
| | of the delegated | metadata expiry time | |
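Review bot: the "timetamp" to "timestamp" correction adds one character to a cell of a reStructuredText grid table, so the trailing padding in that cell must lose exactly one space or the row's column boundaries will no longer line up with the "+===+" rule and docutils will reject the table; please confirm the corrected row still renders (e.g. by building the PEP locally) since the rendered diff here does not show the exact whitespace. The fix itself is right: "timestamp" is the TUF role name used in the surrounding text ("Role Compromise" rows) and the row label should match it.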