[PATCH] vulnerabilities.cgi: Use orange instead of blue for mitigated issues

[PATCH] vulnerabilities.cgi: Use orange instead of blue for mitigated issues

[Peter Müller]

[-- Attachment #1: Type: text/plain, Size: 977 bytes --]

A mitigated (CPU) vulnerability is still present and might be just
harder to exploit. Using blue as colour for them does not illustrate
their dangerousness - orange is a better choice as far as I am
concerned.

Scaring people away from Intel processors will be a completely
unintended side effect. :-)

Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
 html/cgi-bin/vulnerabilities.cgi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/html/cgi-bin/vulnerabilities.cgi b/html/cgi-bin/vulnerabilities.cgi
index a8746c30c..21d963618 100644
--- a/html/cgi-bin/vulnerabilities.cgi
+++ b/html/cgi-bin/vulnerabilities.cgi
@@ -129,7 +129,7 @@ for my $vuln (sort keys %VULNERABILITIES) {
 	} elsif ($status eq "Mitigation") {
 		$status_message = $Lang::tr{'mitigated'};
 		$colour = "white";
-		$bgcolour = ${Header::colourblue};
+		$bgcolour = ${Header::colourorange};
 
 	# Unknown report from kernel
 	} else {
-- 
2.16.4

Re: [PATCH] vulnerabilities.cgi: Use orange instead of blue for mitigated issues

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 2057 bytes --]

Hello,

I would like to say that I disagree with this change.

Not because I think that the mitigations are good enough. It is a little bit more complex:

* I do not think that we can generally say that mitigations are bad. Some are pretty much solid fixes. Some are quite the opposite. That means that some should be rather green and some others should be rather red. Making them all orange is not suitable from my point of view.

* I do not want to scare our users. Yes, their hardware might be broken. But there is no point in changing this now with something very similar. There is no good hardware out there that performs at the same time. I do not want to spread the view that IPFire is only broken because we show this information.

Therefore I am kind of okay with the blue. It does not really send a message. The message is complex. I could write half a book about it.

What are other people’s views on this?

-Michael

> On 10 Jun 2019, at 20:24, Peter Müller <peter.mueller(a)ipfire.org> wrote:
> 
> A mitigated (CPU) vulnerability is still present and might be just
> harder to exploit. Using blue as colour for them does not illustrate
> their dangerousness - orange is a better choice as far as I am
> concerned.
> 
> Scaring people away from Intel processors will be a completely
> unintended side effect. :-)
> 
> Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
> ---
> html/cgi-bin/vulnerabilities.cgi | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/html/cgi-bin/vulnerabilities.cgi b/html/cgi-bin/vulnerabilities.cgi
> index a8746c30c..21d963618 100644
> --- a/html/cgi-bin/vulnerabilities.cgi
> +++ b/html/cgi-bin/vulnerabilities.cgi
> @@ -129,7 +129,7 @@ for my $vuln (sort keys %VULNERABILITIES) {
> 	} elsif ($status eq "Mitigation") {
> 		$status_message = $Lang::tr{'mitigated'};
> 		$colour = "white";
> -		$bgcolour = ${Header::colourblue};
> +		$bgcolour = ${Header::colourorange};
> 
> 	# Unknown report from kernel
> 	} else {
> -- 
> 2.16.4