/what/ - ...

Anything that isn't red severity is probably meaningless

All high severity is if you're using some weird shit that otamin isn't, or just wouldn't matter in the case of ota

i.e. trusted client access on a vhost giving trusted access on different vhost, ip auth goofs, etc. - literally doesn't matter for ota

mod_rewrite or mod_proxy or some other Apache specific crap you have to manually enable - ota isn't using this shit

Sorry I meant to say great find, I'm hacking ota right now with the help of Claude Code