From c0f8f82ab2bcbdf5918859f78279e84d7c63b915 Mon Sep 17 00:00:00 2001
From: a1346054 <36859588+a1346054@users.noreply.github.com>
Date: Sun, 22 Aug 2021 20:48:41 +0000
Subject: [PATCH] Fix spelling

---
 ppa_release.sh     | 2 +-
 security_design.md | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/ppa_release.sh b/ppa_release.sh
index fc559de..b0cceaf 100755
--- a/ppa_release.sh
+++ b/ppa_release.sh
@@ -14,7 +14,7 @@
 
 VERSION=$(cat share/torbrowser-launcher/version)
 
-# Make a source pacakge
+# Make a source package
 rm -rf deb_dist
 python3 setup.py --command-packages=stdeb.command sdist_dsc
 
diff --git a/security_design.md b/security_design.md
index 95c0ac6..68db14c 100644
--- a/security_design.md
+++ b/security_design.md
@@ -1,6 +1,6 @@
 # Tor Browser Launcher Security Design
 
-This document could be improved. At the moment it's copy/pasted verbatum from a post to the [debian bug tracker](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752275).
+This document could be improved. At the moment it's copy/pasted verbatim from a post to the [debian bug tracker](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752275).
 
 ## TLS/x.509 security
 
@@ -12,7 +12,7 @@ torbrowser-launcher doesn't rely on the CA infrastructure. The only TLS it does
 
 Downgrade attacks shouldn't be possible, unless they're committed by Tor devs themselves. If an attacker captures a valid old request to https://check.torproject.org/RecommendedTBBVersions that claims that the current version is an older version than what's currently installed, torbrowser-launcher prevents it from installing. (And by "installing" I mean extracting to the user's home dir.)
 
-However, there is the scenereo where the user has set a third-party mirror to download from instead of the default. The third-party mirror could serve a tarball and sig that have filenames of the latest version, but are actually an older version. This attack is mitigated by the fact that all mirror options use HTTPS -- though none of the mirror certs are pinned, so in this case it would rely on CA infrastructure. This is an edge case, and would only work against users who are using a non-default mirror, and who also have access to a trusted CA signing key.
+However, there is the scenario where the user has set a third-party mirror to download from instead of the default. The third-party mirror could serve a tarball and sig that have filenames of the latest version, but are actually an older version. This attack is mitigated by the fact that all mirror options use HTTPS -- though none of the mirror certs are pinned, so in this case it would rely on CA infrastructure. This is an edge case, and would only work against users who are using a non-default mirror, and who also have access to a trusted CA signing key.
 
 ## Installing Tor Browser system-wide
 
@@ -20,6 +20,6 @@ You cannot install Tor Browser system-wide. It's released by the Tor Project as
 
 ## What secret keys/access attackers need to succeed
 
-Yes, attackers that 1) have access to the trusted keys included with torbrowser-launcher and 2) have access to modify files on https://www.torproject.org/ or have access to its TLS key are able to get arbitrary code exec as the current user when they open Tor Browser.  This may or may not include any of the Tor devs whose keys are included.
+Yes, attackers that 1) have access to the trusted keys included with torbrowser-launcher and 2) have access to modify files on https://www.torproject.org/ or have access to its TLS key are able to get arbitrary code exec as the current user when they open Tor Browser. This may or may not include any of the Tor devs whose keys are included.
 
 But like Holger said above, this is a feature, not a bug. This is the whole purpose of torbrowser-launcher, so users can automatically install TBB updates that are signed by Tor devs.