
Bug#1039606: Don't display unimportant issues as "vulnerable"



Hi,

On Tue, Jun 27, 2023 at 08:33:08PM +0200, Moritz Muehlenhoff wrote:
> Package: security-tracker
> Severity: wishlist
> 
> "unimportant" issues don't have security impact, but currently they get shown
> as "vulnerable" in red, both in a package overview page, e.g.
> https://security-tracker.debian.org/tracker/source-package/c-ares and CVE-specific pages, e.g.
> https://security-tracker.debian.org/tracker/CVE-2023-31147
> 
> This is a little misleading, since those packages are not actually vulnerable.
> It would be nice if such "unimportant" issues would instead display
> "unfixed (no/negligible security impact)". And instead of red maybe
> in grey.

Right, agree with that. I think it would be great and helpful if we
have an issue which is unfixed in a particular suite source wise, and
in the above example, but is in unimportant severity, then instead of
a red vulnerable, the page would show a "greyed" (similar to fixed,
but different), with a different text something like you proposed in
wording.

I think the color difference from red is visual wise quite important,
because together with the wording 'vulnerable' is possibly what
people will mostly find surprising.

So whoever wants to implement that, please make a MR accordingly to the
security-tracker repository.

Regards,
Salvatore

