From 93633a5d623f6e5ba39dfc19cdbc7e03bf094045 Mon Sep 17 00:00:00 2001
From: Rasmus Dahlberg <rasmus.dahlberg@kau.se>
Date: Fri, 11 Jun 2021 14:11:36 +0200
Subject: fixed argument on end-user enforcement

---
 README.md | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

(limited to 'README.md')

diff --git a/README.md b/README.md
index 82896e1..40af295 100644
--- a/README.md
+++ b/README.md
@@ -25,13 +25,12 @@ repository misses a corresponding log entry by inspecting the log.  The claim
 that the same binaries are published for everyone can be _verified_.
 
 Starting to apply the pattern of transparent logging is already an improvement
-without any end-user enforcement.  TODO: fixme.
+without any end-user enforcement.  It becomes easier to detect honest mistakes
+and attacks against your website or package repository.
 
-For example, binaries (maliciously signed or not) that have yet to be logged can
-be detected by a monitor.  To make the most out of siglog, end-users should
-enforce public logging sometime in the future.  This means that a binary in the
-above example would be _rejected_ unless a corresponding signed checksum is
-logged.  Such enforcement will require a gradual roll-out to be realistic.
+To make the most out of siglog in the future, end-users should start to enforce
+public logging.  This means that a binary in the above example would be
+_rejected_ unless a corresponding signed checksum is publicly logged.
 
 ## Design considerations
 We had several design considerations in mind while developing siglog.  A short
-- 
cgit v1.2.3