author: Lars Wirzenius <liw@liw.fi> 2020-04-06 14:02:56 +0300
committer: Lars Wirzenius <liw@liw.fi> 2020-04-06 14:02:56 +0300
commit: 5ed9de126dfe6cb7fff367fa577727f8446379a9 (patch)
tree: 9faca362f605eda7f5407ecd7717612026258061 /contractor.md
parent: 1964d25d00e0b41dc96fa6247517f1a2f4988889 (diff)
download: ick-contractor-5ed9de126dfe6cb7fff367fa577727f8446379a9.tar.gz
Change: tweak wordings
Diffstat (limited to 'contractor.md')
-rw-r--r-- contractor.md 11
1 files changed, 6 insertions, 5 deletions
diff --git a/contractor.md b/contractor.md
index f968210..e1fd3ef 100644
--- a/contractor.md
+++ b/contractor.md
@@ -39,11 +39,12 @@ they sometimes, even if rarely, make catastrophic mistakes.
Accidents aside, mayhem and chaos may be intentional. Your own project
may not have malware, and you may have vetted all your dependencies,
and you trust them. But your dependencies have dependencies, which
-have further dependencies. You'd need to vet the whole dependency
-tree. Even decades ago, in the 1990s, this could easily be hundreds of
-thousands of lines of code, and modern systems make it worse. Note
-that build tools are themselves dependencies, as is the whole
-operating system.
+have further dependencies, which have dependencies of their own. You'd
+need to vet the whole dependency tree. Even decades ago, in the 1990s,
+this could easily be hundreds of thousands of lines of code, and
+modern systems a much larger. Note that build tools are themselves
+dependencies, as is the whole operating system. Any code that is used
+in the build process is a dependency.
How certain are you that you can spot malicious code that's
intentionally hidden and obfuscated?
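
Review bot: the added line "modern systems a much larger. Note that build tools are themselves" is missing its verb; it should read "modern systems are much larger", otherwise this wording tweak introduces a grammar error that the removed text ("and modern systems make it worse") did not have. In the first added line, "which have dependencies of their own" repeats the point already made by "which have further dependencies" directly before it, so one of the two clauses can go. The new closing sentence "Any code that is used in the build process is a dependency" is the general rule of which build tools and the operating system are instances, so it would read more naturally ahead of the "Note that build tools..." sentence than after it.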