docs(readme): fix typos

thomasleplus · thomasleplus · commit 2ae4efda0898 · 2026-02-04T21:14:37.000+01:00
diff --git a/README.md b/README.md
@@ -160,11 +160,11 @@ using Sigstore and using GnuPG.
 
 [Sigstore](https://docs.sigstore.dev) is trying to improve supply
 chain security by allowing you to verify the origin of an
-artifcat. You can verify that the jar that you use was actually
+artifact. You can verify that the jar that you use was actually
 produced by this repository. This means that if you verify the
 signature of the ristretto jar, you can trust the integrity of the
 whole supply chain from code source, to CI/CD build, to distribution
-on Maven Central or whever you got the jar from.
+on Maven Central or wherever you got the jar from.
 
 To verify the jar using its sigstore signature, you need to download
 them both locally and then use the `cosign` tool to verify the
