docs(readme): fix typos

thomasleplus · thomasleplus · commit 93a3d1f90df0 · 2026-02-04T21:13:57.000+01:00
diff --git a/README.md b/README.md
@@ -142,11 +142,11 @@ docker buildx imagetools inspect leplusorg/pgp-verify-jar --format '{{ json .Pro
 
 [Sigstore](https://docs.sigstore.dev) is trying to improve supply
 chain security by allowing you to verify the origin of an
-artifcat. You can verify that the image that you use was actually
+artifact. You can verify that the image that you use was actually
 produced by this repository. This means that if you verify the
 signature of the Docker image, you can trust the integrity of the
 whole supply chain from code source, to CI/CD build, to distribution
-on Maven Central or whever you got the image from.
+on Maven Central or wherever you got the image from.
 
 You can use the following command to verify the latest image using its
 sigstore signature attestation:
