Hi,

On Tue, Jun 27, 2023 at 08:33:08PM +0200, Moritz Muehlenhoff wrote:
> Package: security-tracker
> Severity: wishlist
>
> "unimportant" issues don't have security impact, but currently they get shown
> as "vulnerable" in red, both in a package overview page, e.g.
> https://security-tracker.debian.org/tracker/source-package/c-ares and
> CVE-specific pages, e.g.
> https://security-tracker.debian.org/tracker/CVE-2023-31147
>
> This is a little misleading, since those packages are not actually vulnerable.
> It would be nice if such "unimportant" issues would instead display
> "unfixed (no/negligible security impact)". And instead of red maybe
> in grey.

Right, agree with that. I think it would be great and helpful if we have
an issue which is unfixed in a particular suite source wise, as in the
above example, but is in unimportant severity, then instead of a red
vulnerable, the page would show a "greyed" (similar to fixed, but
different), with a different text, something like you proposed in
wording.

I think the color difference from red is visual wise quite important,
because together with the wording 'vulnerable' it is possibly what
people will mostly find surprising.

So whoever wants to implement that, please make an MR accordingly to the
security-tracker repository.

Regards,
Salvatore