I was initially skeptical of Tomato Cart but it seems the main reason so few people have heard of it is that it's so new (about a year old). It's actually an extremely impressive piece of software. It has to be one of the most beautiful and modern ecommerce web applications I have come across. It may not be popular yet, but I think it's going to be and we can help make that happen.
Only a couple of things caught my attention with regards to the TKLPatch:
We need to figure out how to make sure the admin interface is accessible only via SSL. This is an e-commerce application where such things matter.
The patch embeds an example e-mail for the admin account: admin@tomato-turnkeylinux.org. It's better to use example.com for example e-mails for security reasons. Otherwise it would be possible for an attacker to register the unregistered domain, and use that to compromise any appliance that hadn't yet been fully configured. We should assume are routinely scanning the Internet for vulnerable machines.
We'll need to document how to change the admin e-mail or write a di-live hook that does it on installation. Example di-live hooks can be found in the domain-controller, ejabberd, projectpier and torrentserver appliances.
Took a closer look at Tomato Cart - impressive webapp
I was initially skeptical of Tomato Cart but it seems the main reason so few people have heard of it is that it's so new (about a year old). It's actually an extremely impressive piece of software. It has to be one of the most beautiful and modern ecommerce web applications I have come across. It may not be popular yet, but I think it's going to be and we can help make that happen.
Only a couple of things caught my attention with regards to the TKLPatch: