lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CALCETrXewAK4_fpaJNDHJVDK9mUcjghA5HwYvZFQNYVfC9M+OQ@mail.gmail.com>
Date:   Mon, 6 Jul 2020 09:29:46 -0700
From:   Andy Lutomirski <luto@...capital.net>
To:     Dan Williams <dan.j.williams@...el.com>
Cc:     Linus Torvalds <torvalds@...ux-foundation.org>,
        ksummit <ksummit-discuss@...ts.linuxfoundation.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        LKML <linux-kernel@...r.kernel.org>,
        tech-board-discuss@...ts.linuxfoundation.org,
        Chris Mason <clm@...clm>
Subject: Re: [Ksummit-discuss] [PATCH] CodingStyle: Inclusive Terminology

On Sat, Jul 4, 2020 at 1:19 PM Dan Williams <dan.j.williams@...el.com> wrote:
>
> Recent events have prompted a Linux position statement on inclusive
> terminology. Given that Linux maintains a coding-style and its own
> idiomatic set of terminology here is a proposal to answer the call to
> replace non-inclusive terminology.
>
> Cc: Jonathan Corbet <corbet@....net>
> Cc: Kees Cook <keescook@...omium.org>
> Signed-off-by: Chris Mason <clm@...clm>
> Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> Signed-off-by: Dan Williams <dan.j.williams@...el.com>
> ---
>  Documentation/process/coding-style.rst          |   12 ++++
>  Documentation/process/inclusive-terminology.rst |   64 +++++++++++++++++++++++
>  Documentation/process/index.rst                 |    1
>  3 files changed, 77 insertions(+)
>  create mode 100644 Documentation/process/inclusive-terminology.rst
>
> diff --git a/Documentation/process/coding-style.rst b/Documentation/process/coding-style.rst
> index 2657a55c6f12..4b15ab671089 100644
> --- a/Documentation/process/coding-style.rst
> +++ b/Documentation/process/coding-style.rst
> @@ -319,6 +319,18 @@ If you are afraid to mix up your local variable names, you have another
>  problem, which is called the function-growth-hormone-imbalance syndrome.
>  See chapter 6 (Functions).
>
> +For symbol names, avoid introducing new usage of the words 'slave' and
> +'blacklist'

Can you put whitelist in the list, too?

>. Recommended replacements for 'slave' are: 'secondary',
> +'subordinate', 'replica', 'responder', 'follower', 'proxy', or
> +'performer'.

Should 'target' be in this list?

Should there be some mention of "master" to go along with "slave"?
This could be complicated -- as has been noted in this thread, the
word "master" has quite a few meanings, several of which are not
related to slavery or to any form of control, and that the meanings
associated with "master" and its cognates in other languages vary.

>  Recommended replacements for blacklist are: 'blocklist' or
> +'denylist'.

As someone who has written seccomp code and described the result as a
"whitelist" or "blacklist" in the past, I have a couple of comments.

First, shouldn't whitelist be in the list?  I find it surprising to
put 'blacklist' in the blocklist but to omit whitelist.

Second, I realize that I grew up thinking that 'whitelist' and
'blacklist' are the common terms for lists of things to be accepted
and rejected and that this biases my perception of what sounds good,
but writing a seccomp "denylist" or "blocklist" doesn't seem to roll
off the tongue.  Perhaps this language would be better:

Is most contexts where 'whitelist' or 'blacklist' might be used, a
descriptive phrase could be used instead.  For example, a seccomp
filter could have a 'list of allowed syscalls' or a 'list of
disallowed syscalls', and just lists could be the 'allowed' or
'accepted' lists and the 'disallowed', 'rejected', or 'blocked' lists.
If a single word replacement for 'whitelist' or 'blacklist' is needed,
'allowlist', 'blocklist', or 'denylist' could be used.


> @@ -0,0 +1,64 @@
> +.. _inclusiveterminology:
> +
> +Linux kernel inclusive terminology
> +==================================
> +
> +The Linux kernel is a global software project, and in 2020 there was a
> +global reckoning on race relations that caused many organizations to
> +re-evaluate their policies and practices relative to the inclusion of
> +people of African descent. This document describes why the 'Naming'
> +section in :ref:`process/coding-style.rst <codingstyle>` recommends
> +avoiding usage of 'slave' and 'blacklist' in new additions to the Linux
> +kernel.
> +
> +On the triviality of replacing words
> +====================================
> +
> +The African slave trade was a brutal system of human misery deployed at
> +global scale. Some word choice decisions in a modern software project
> +does next to nothing to compensate for that legacy. So why put any
> +effort into something so trivial in comparison? Because the goal is not
> +to repair, or erase the past. The goal is to maximize availability and
> +efficiency of the global developer community to participate in the Linux
> +kernel development process.

Should this type of historical note be in the document or in the changelog?

Suppose that we put it in this document and then, in two years,
someone notices that the very first bit of text in your changelog that
diff helpfully quoted for you is also mildly offensive to certain
groups  Now we could end up with:

... in 2020 there was a global reckoning ...

... in 2022, people noticed that comparing peoples' opinions on
variable names to medical conditions could be seen as inappropriate
...

etc.  And now this document ends up with a lot of history and also a
lot of content, and the history part starts to resemble the
now-frowned-upon lists of copyrights and changes that clutter the tops
of various kernel C files.  I suppose that changing this could be
deferred until such time as it might be an actual problem, but perhaps
this should go in the changelog instead.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ