Updates based on review feedback

Tracy Miranda · Tracy Miranda · commit 417ef6e30161 · 2024-12-02T08:59:41.000-05:00
diff --git a/sigstore-public-deployment-spec.md b/sigstore-public-deployment-spec.md
@@ -1,7 +1,7 @@
 # Sigstore Public Deployment
 
 
-This document describes the technical and policy decisions for the public deployment of Sigstore, specifically focusing on the Fulcio and Rekor deployment for the public good instance. The [Spec: Fulcio](https://github.com/sigstore/architecture-docs/blob/main/fulcio-spec.md) and [Spec: Rekor](https://docs.google.com/document/u/0/d/1NQUBSL9R64_vPxUEgVKGb0p81_7BVZ7PQuI078WFn-g/edit) documents leave many implementation choices, such as authentication and log entry formats, to the discretion of implementers. This document outlidetails the specific implementation choices made for Sigstore's public deployment that go beyond the requirements in the specification. Additionally, this document details the use of TUF for distributing roots of trust, and includes links to deployment respositories and resources.
+This document describes the technical and policy decisions for the public deployment of Sigstore, specifically focusing on the Fulcio and Rekor deployment for the public good instance. The [Spec: Fulcio](https://github.com/sigstore/architecture-docs/blob/main/fulcio-spec.md) and [Spec: Rekor](https://docs.google.com/document/u/0/d/1NQUBSL9R64_vPxUEgVKGb0p81_7BVZ7PQuI078WFn-g/edit) documents leave many implementation choices, such as authentication and log entry formats, to the discretion of implementers. This document describes the specific implementation choices made for Sigstore's public deployment that go beyond the requirements in the specification. Additionally, this document details the use of TUF for distributing roots of trust, and includes links to deployment respositories and resources.
 
 ## 1. Introduction
 
@@ -29,8 +29,7 @@ Fulcio embeds information about the identity of a requester into the SubjectAlte
 
 These certificates have a validity period of 10 minutes, beginning at the time of issuance.
 
-* [Fulcio certification specification](https://github.com/sigstore/fulcio/blob/main/docs/certificate-specification.md)   
-* General OIDs 
+* [Fulcio certification specification](https://github.com/sigstore/fulcio/blob/main/docs/certificate-specification.md)
 
 ### 2.2 Authentication
 
@@ -62,9 +61,10 @@ Dex:
 
 **Workflow Authentication**
 
-* GitHub  
-* GitLab  
+* GitHub Actions  
+* GitLab CI  
 * BuildKite
+* CodeFresh
 
 See the [Fulcio OIDC documentation](https://github.com/sigstore/fulcio/blob/main/docs/oidc.md) for additional details.
 
@@ -78,9 +78,9 @@ Rekor implements a transparency service. There is a public good deployment of Re
 
 ### 3.1 Pluggable Types
 
-The transparency service has what is termed a ‘pluggable type’ system. A pluggable type, is a custom schema for entries stored in the transparency log. Schemas can be in multiple formats (json|yaml|xml).
+The transparency service has what is termed a ‘pluggable type’ system. A pluggable type is a custom schema for entries stored in the transparency log. Schemas can be in multiple formats (json|yaml|xml).
 
-The current list of supported types can be found in the [Rekor project](https://github.com/sigstore/rekor/tree/main/pkg/types). Information about adding new pluggable types can be found in the [Rekor documentation.](https://docs.sigstore.dev/docs/logging/pluggable-types/)
+The current list of supported types can be found in the [Rekor project](https://github.com/sigstore/rekor/tree/main/pkg/types). Information about adding new pluggable types can be found in the [Rekor documentation.](https://docs.sigstore.dev/logging/pluggable-types/)
 
 See the transparency service ([Spec: Rekor](https://docs.google.com/document/u/0/d/1NQUBSL9R64_vPxUEgVKGb0p81_7BVZ7PQuI078WFn-g/edit)) document for additional information.
 
@@ -93,10 +93,7 @@ Rekor is backed by a transparency log, inspired by the one in Certificate Transp
 * Signature Algorithm:  ECDSA (NIST P-256).  
 * Public Key: change over time  
 * Log ID: need an OID  
-* Maximum Merge Delay: Rekor only returns after the merge is complete  
-* Maximum Chain Length: 10  
-* STH Frequency Count: N/A  
-* Final STH: N/A
+* Maximum Merge Delay: Rekor only returns after the merge is complete
 
 ### 3.3 Sharding
 
