46/66: programming-2022: Fix typos and wording issues reported by reviewers.

[Ludovic Courtès]

civodul pushed a commit to branch master
in repository maintenance.

commit 96177fba2d3b7515153f5769ee03dca901566891
Author: Ludovic Courtès <ludo@gnu.org>
AuthorDate: Mon Apr 4 17:30:56 2022 +0200

    programming-2022: Fix typos and wording issues reported by reviewers.
    
    * doc/programming-2022/supply-chain.skb: Fix typos and address minor
    wording issues.
---
 doc/programming-2022/supply-chain.skb | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/doc/programming-2022/supply-chain.skb 
b/doc/programming-2022/supply-chain.skb
index 677fcdd..92b99ce 100644
--- a/doc/programming-2022/supply-chain.skb
+++ b/doc/programming-2022/supply-chain.skb
@@ -187,12 +187,13 @@ common.  The consequences of an attack on the software 
supply chain can
 be tragic in a society that relies on many interconnected software
 systems, and this has led research interest as well as governmental
 incentives for supply chain security to rise.])
-     (p [GNU Guix is a software deployment tool that supports provenance
+     (p [GNU Guix is a software deployment tool and software
+distribution that supports provenance
 tracking, reproducible builds, and reproducible software environments.
-Guix is first and foremost source code: it provides a set of package
-definitions that describe how to build code from source.  Together,
-these properties set it apart from many deployment tools that center on
-the distribution of binaries.])
+Unlike many software distributions, it consists exclusively of source
+code: it provides a set of package definitions that describe how to
+build code from source.  Together, these properties set it apart from
+many deployment tools that center on the distribution of binaries.])
      (p [This paper focuses on one research question: how can Guix and
 similar systems allow users to securely update their software?  Guix
 source code is distributed using the Git version control system;
@@ -352,7 +353,7 @@ and similar “container tools” to run the software on any 
other
 machine.])
                 
         (p [Last, Guix can be used as a standalone GNU/Linux
-distribution called Guix System.  Its salient feature are that it lets
+distribution called Guix System.  Its salient feature is that it lets
 users declare the ,(emph [whole system configuration])—from user
 accounts, to services and installed packages—using a domain-specific
 language (DSL) embedded in Scheme, a functional programming language of
@@ -471,7 +472,7 @@ and verifiable using the same Guix revision, they were just 
that: around
         (p [In 2017, Nieuwenhuizen ,(it [et al.]) sought to address
 this forty-year-old problem at its root: by ensuring no opaque binaries
 appear at the bottom of the package dependency graph—no less ,(ref :bib
-'janneke:mes-web).  To that end, Nieuwenhuizen developed GNU Mes, a
+'(janneke:mes-web courant2022:ocamlboot)).  To that end, Nieuwenhuizen 
developed GNU Mes, a
 small interpreter of the Scheme language written in C, capable enough to
 run MesCC, a non-optimizing C compiler.  MesCC is then used to build
 TinyCC, a more sophisticated C compiler written in C, in turn used to
@@ -603,7 +604,7 @@ metadata such as references to the latest commit of a 
branch, is ,(emph
 
       (p [Git supports ,(emph [signed commits]).  A signed commit
 includes an additional header containing an ASCII-armored OpenPGP
-signature computer over the other headers of the commit.  By signing a
+signature computed over the other headers of the commit.  By signing a
 commit, a Guix developer asserts that they are the one who made the
 commit; they may be its author, or they may be the person who applied
 somebody else’s changes after review.  Checkout authentication requires
@@ -1029,7 +1030,7 @@ verifying signatures in-process, and dismissing 
unnecessary OpenPGP
 features.  The go-to technique of spawning GnuPG and Git processes to
 verify each commit signature would have been prohibitively expensive.
 Instead, to traverse the Git commit graph, we use libgit2, a C library
-that implements the Git “protocols”, ,(it [via]) its Guile-Git bindings.])
+that implements the Git “protocols” ,(it [via]) its Guile-Git bindings.])
 
         (p [We also have an OpenPGP implementation for GNU Guile, the
 implementation language of Guix.  This OpenPGP implementation is limited