Improve display of security vulnerabilties
In !1520 (closed), we introduced the display of security vulnerabilities in security module. It was merged as a first cut but discussions on how to make it batter are ongoing:
- Users won't know how to read this information.
- Proposal to show the highest vulnerability level for each app (none/low/medium/high).
- Proposal to hide apps with none or only low severity vulnerabilities.
- Proposal to only show critical vulnerabilities.
- Proposal to limit to only packages installed from backports. (Currently, only freedombox package would be automatically upgraded from backports.)
- Original merge request hid essential apps. However, some apps like SSH can actually be disabled by the user and showing security information could lead them to do that. Depending on other the other issues are resolved, we could change our stance on this issue.
From Danny's comments below:
- Put the report under a heading which says "Advanced: Software Vulnerability Report."
- Add the text in comment below as a description above the table.
- Only display the table of information AFTER a user clicks a blue button which says "View results" or "Run scan."