[PATCH] vulnerabilities.cgi: Use orange instead of blue for mitigated issues

Michael Tremer michael.tremer at ipfire.org
Tue Jun 11 10:37:02 BST 2019


I would like to say that I disagree with this change.

Not because I think that the mitigations are good enough. It is a little bit more complex:

* I do not think that we can generally say that mitigations are bad. Some are pretty much solid fixes. Some are quite the opposite. That means that some should be rather green and some others should be rather red. Making them all orange is not suitable from my point of view.

* I do not want to scare our users. Yes, their hardware might be broken. But there is no point in changing this now with something very similar. There is no good hardware out there that performs at the same time. I do not want to spread the view that IPFire is only broken because we show this information.

Therefore I am kind of okay with the blue. It does not really send a message. The message is complex. I could write half a book about it.

What are other people’s views on this?


> On 10 Jun 2019, at 20:24, Peter Müller <peter.mueller at ipfire.org> wrote:
> A mitigated (CPU) vulnerability is still present and might be just
> harder to exploit. Using blue as colour for them does not illustrate
> their dangerousness - orange is a better choice as far as I am
> concerned.
> Scaring people away from Intel processors will be a completely
> unintended side effect. :-)
> Signed-off-by: Peter Müller <peter.mueller at ipfire.org>
> ---
> html/cgi-bin/vulnerabilities.cgi | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
> diff --git a/html/cgi-bin/vulnerabilities.cgi b/html/cgi-bin/vulnerabilities.cgi
> index a8746c30c..21d963618 100644
> --- a/html/cgi-bin/vulnerabilities.cgi
> +++ b/html/cgi-bin/vulnerabilities.cgi
> @@ -129,7 +129,7 @@ for my $vuln (sort keys %VULNERABILITIES) {
> 	} elsif ($status eq "Mitigation") {
> 		$status_message = $Lang::tr{'mitigated'};
> 		$colour = "white";
> -		$bgcolour = ${Header::colourblue};
> +		$bgcolour = ${Header::colourorange};
> 	# Unknown report from kernel
> 	} else {
> -- 
> 2.16.4

More information about the Development mailing list