From what I have read Meltdown and Spectre are not being exploited in the wild and some of the 'fixes' (looking at you Slurp) are worse than do nothing at all. So the real question for older chips, what is the real risk of an exploit? Partly how difficult are they to exploit with a normal user configuration and how would the exploit be installed. I have seen opinions that say if hit it is real bad but it is very difficult to actually exploit.
So should the average user (or their informal IT department) maintain a watch and wait posture towards patching?
An accurate risk assessment will also impact any law suit as it currently stands as there has been no known attacks using the flaws.