Merge pull request #1382 from itowlson/sigstore-y-u-no-redirect

itowlson · web-flow · commit 21356b17e478 · 2024-09-16T10:46:28.000+12:00
Fix broken sigstore links
diff --git a/content/spin/v1/install.md b/content/spin/v1/install.md
@@ -166,7 +166,7 @@ If you want to use WSL2 (Windows Subsystem for Linux 2), please follow the instr
 
 The Spin project [signs releases](https://github.com/fermyon/spin/blob/main/docs/content/sips/012-signing-spin-releases.md) using [Sigstore](https://docs.sigstore.dev/), a project that helps with signing software and _stores signatures in a tamper-resistant public log_. Consumers of Spin releases can validate the integrity of the package they downloaded by performing a validation of the artifact against the signature present in the public log. Specifically, users get two main guarantees by verifying the signature: 1) that the author of the artifact is indeed the one expected (i.e. the build infrastructure associated with the Spin project, at a given revision that can be inspected), and 2) that the content generated by the build infrastructure has not been tampered with.
 
-To verify the release signature, first [configure Cosign v2.0.0+](https://docs.sigstore.dev/system_config/installation/). This is the CLI tool that we will use validate the signature.
+To verify the release signature, first [configure Cosign v2.0.0+](https://docs.sigstore.dev/cosign/system_config/installation/). This is the CLI tool that we will use validate the signature.
 The same directory where the installation script was run should also contain a signature of the Spin binary and the certificate used to perform the signature. The following command will perform the signature verification using the `cosign` CLI:
 
 <!-- @selectiveCpy -->
diff --git a/content/spin/v2/install.md b/content/spin/v2/install.md
@@ -165,7 +165,7 @@ If you want to use WSL2 (Windows Subsystem for Linux 2), please follow the instr
 
 The Spin project [signs releases](https://github.com/fermyon/spin/blob/main/docs/content/sips/012-signing-spin-releases.md) using [Sigstore](https://docs.sigstore.dev/), a project that helps with signing software and _stores signatures in a tamper-resistant public log_. Consumers of Spin releases can validate the integrity of the package they downloaded by performing a validation of the artifact against the signature present in the public log. Specifically, users get two main guarantees by verifying the signature: 1) that the author of the artifact is indeed the one expected (i.e. the build infrastructure associated with the Spin project, at a given revision that can be inspected), and 2) that the content generated by the build infrastructure has not been tampered with.
 
-To verify the release signature, first [configure Cosign v2.0.0+](https://docs.sigstore.dev/system_config/installation/). This is the CLI tool that we will use validate the signature.
+To verify the release signature, first [configure Cosign v2.0.0+](https://docs.sigstore.dev/cosign/system_config/installation/). This is the CLI tool that we will use validate the signature.
 The same directory where the installation script was run should also contain a signature of the Spin binary and the certificate used to perform the signature. The following command will perform the signature verification using the `cosign` CLI:
 
 <!-- @selectiveCpy -->
