On Wed, 14 Aug 2019 09:04:57 +0200 Borislav Petkov wrote: > IMO, what you want does not belong in sysfs but in documentation.
How would documentation (a fixed static text file) tell whether a particular system is vulnerable or not? > I partially see your point that a table of sorts mapping all those CPU > vulnerability names to (possible) mitigations is needed for users > which would like to know whether they're covered, without having to > run some scripts from github, Correct. > but sysfs just ain't the place. Then why is it currently used for some of the vulnerabilities? I am not an expert and I don't know if it is the place. My only concern is to have that information which we currently don't regardless of where it may be placed.
