From 2087f840cdf621f13a967ce872c122f342e3fe98 Mon Sep 17 00:00:00 2001 From: himazawa <73994521+himazawa@users.noreply.github.com> Date: Sun, 31 Mar 2024 08:19:06 +0200 Subject: [PATCH] chore: fixed typo --- content/posts/xz-backdoor/index.en.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/posts/xz-backdoor/index.en.md b/content/posts/xz-backdoor/index.en.md index dafd69e..6af7ec6 100644 --- a/content/posts/xz-backdoor/index.en.md +++ b/content/posts/xz-backdoor/index.en.md @@ -98,9 +98,9 @@ This crashes against the fact that `xz` is an incredibly popular package availab This was likely seen by the attacker as a gold mine since it was easy to get the role of maintainer of the project and push the malicious code. Since you are using a thirdy-part source for your supply chain, you have to trust someone at one point or another. -When talking about supply chain security the reccomendations are always the same: pin the hashes and use signature verification. This will work as long as you have scenarios like a malicious attacker compromising the dependency CICD and pushing a malicious build, account compromissions etc. +When talking about supply chain security the reccomendations are always the same: pin the hashes and use signature verification. This will work as long as you have scenarios like a malicious attacker compromising the dependency CICD and pushing a malicious build, account compromissions etc. -But what can you do if all of a sudden, trusted maintainer goes rogue? +But what can you do if all of a sudden, trusted maintainers goes rogue? As a standard user, unless you want (and are able to) code review every single commit from every single piece of software your OS interact with: pretty much nothing.
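Review bot: the second `-`/`+` pair in this hunk turns "trusted maintainer goes rogue" into "trusted maintainers goes rogue", which breaks subject-verb agreement; use either "a trusted maintainer goes rogue" or "trusted maintainers go rogue". The first `-`/`+` pair appears identical apart from trailing whitespace, so it is a whitespace-only change, while the spelling errors still visible in the hunk ("reccomendations", "compromissions", "thirdy-part") are left untouched even though the commit title is "chore: fixed typo"; consider fixing those in the same commit.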