Instead of being just a shorthand, `trashman` packages can try as best as possible
not to fetch keys and scripts from remote locations without some basic checks. So if
you have to add files into `/etc/apt/trusted.gpg.d`, `trashman` will provide those
-keys or fingerprints instead of donwloading it from somewhere, in which case it could
+keys or fingerprints instead of downloading it from somewhere, in which case it could
be easily tampered.
## Hoarder
* Provides basic automation: instead of always running command by hand, recipes
can be included in your deployment scripts.
-* The one to rule then all; a meta package manager suporting any other
+* The one to rule then all; a meta package manager suportting any other
package manager, like apt/dpkg, stowpkg, pkg_src, etc.
## Limitations
* Do not use your main system for installing `trashman` packages. Use a Virtual Machine
instead: this is more manageable and keep the litter isolated from the other parts
- of your infostructure.
+ of your infrastructure.
* Not everything can be checked in advance by `trashman` packages. Each package can do
it's best to check sources and avoiding running unsigned/untrusted code from remote
locations.
-* This software is a poor mitigiation and a way to save yourself some time in a growing
+* This software is a poor mitigation and a way to save yourself some time in a growing
trend of open source software lifecycles dominated by conglomerates running their
"cloud" providing you with "open core" applications, taking over your computing stack.
-## Instalation
+## Installation
Simply clone it and add to your `$PATH`:
trashman fetch
-This will outpupt current OpenPGP signature's from the last commit. You might
+This will output current OpenPGP signature's from the last commit. You might
check that and also check for repository changes. Once you're fine with those,
do the actual merge:
projects / trashman.git / commitdiff