https://wiki.mozilla.org/Apps/Security#List_of_GNU.2FLinux_Distributions_that_use_Package_Signing
i've added a new section to the wiki, after doing some research on alternatives to debian's packaging system. after wondering what arch gnu/linux uses (pacman) it turns out that their developers did a very good analysis of the alternative distributions. their analysis is shown here: https://wiki.archlinux.org/index.php/Package_signing#How_signing_is_implemented_in_other_distributions i believe it's worthwhile emphasising that B2G is effectively "another GNU/Linux distribution". as such, learning from and making best use of the available best, most tested and most well-established distribution infrastructure, should surely be a high priority to the B2G project? also i have put it on the wiki page but it is also worth emphasising: ABSOLUTELY NONE OF THE ABOVE GNU/LINUX DISTRIBUTIONS USE ESS ESS ELL. i am sorry to keep on emphasising this but people do insist on raising it as a subject, and so i can only stop emphasising that SSL is completely inappropriate when people stop saying "what about SSL, surely that will work, won't it?". the only value in continuing to discuss SSL is to clarify its degree of complete inappropriateness further and further into the red. my fervent hope is that at some point even those people who choose to blatantly ignore everything i do think and say on the dev-b2g team will at some point go "for god's sake please could people please for crying out loud stop mentioning SSL as a solution if only to get that fucking moron LKCL whom we so absolutely despise, hate, and wish fervently that he would just die, but do not in the slightest bit wish to even acknowledge that he could possibly be right to SHUT.... UP!" until that happens i will just have to patiently keep on expanding the case against SSL until it finally dawns on the dev-b2g team and all contributors to the discussion that the use of SSL is dead. then and only then can discussion of alternatives really move forward. l. _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security