
Commit 840379f

KSXGitHub and claude authored
docs(readme): minor fix of writing style (#402)
Co-authored-by: Claude <noreply@anthropic.com>
1 parent 2aa3991 commit 840379f

1 file changed

Lines changed: 1 addition & 1 deletion

README.md

@@ -188,7 +188,7 @@ Using AI also does not mean poor quality. On the contrary, AI reviews have helpe
188188

189189
### How can I trust the release binaries?
190190

191-
Starting with version 0.23.0, every executable published to [GitHub Releases](https://github.com/KSXGitHub/parallel-disk-usage/releases) is accompanied by a [build provenance attestation](https://docs.github.com/en/actions/how-tos/secure-your-work/use-artifact-attestations/use-artifact-attestations). The attestation is cryptographically signed by [Sigstore](https://www.sigstore.dev/) — a public-good signing service operated by the Linux Foundation — and records that the binary was built by this repository's GitHub Actions deployment workflow from a specific commit. Because the signing happens inside GitHub's infrastructure via OIDC and the signatures are logged to Sigstore's public transparency log, the guarantee does not depend on trusting the maintainer's personal word: any tampered or manually uploaded binary would fail verification.
191+
Starting with version 0.23.0, every executable published to [GitHub Releases](https://github.com/KSXGitHub/parallel-disk-usage/releases) is accompanied by a [build provenance attestation](https://docs.github.com/en/actions/how-tos/secure-your-work/use-artifact-attestations/use-artifact-attestations). The attestation is cryptographically signed by [Sigstore](https://www.sigstore.dev/) and records that the binary was built by this repository's GitHub Actions deployment workflow from a specific commit. Sigstore is a public-good signing service operated by the Linux Foundation. The signing happens inside GitHub's infrastructure via OIDC, and the signatures are logged to Sigstore's public transparency log. The guarantee therefore does not depend on trusting the maintainer's personal word. Any tampered or manually uploaded binary would fail verification.
192192

193193
To verify a downloaded binary, install the [GitHub CLI](https://cli.github.com/) and run:
194194
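Review bot: In the added line 191, the closing sentence "Any tampered or manually uploaded binary would fail verification." now stands on its own and reads as an unconditional property of the release, where the removed wording attached it to the guarantee with a colon. The protection only exists for a reader who actually runs the check introduced on line 193, so consider tying the two together, for example "would fail the verification described below". It would also help to say in this paragraph that the check must be made against this repository, since an attestation that is merely validly signed says nothing about which repository's workflow produced the binary.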
