| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 7 Jul 2020 09:49:21 +0300
From: Mike Rapoport <rppt@...ux.ibm.com>
To: Kees Cook <keescook@...omium.org>
Cc: Andy Lutomirski <luto@...capital.net>,
ksummit <ksummit-discuss@...ts.linuxfoundation.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
LKML <linux-kernel@...r.kernel.org>,
tech-board-discuss@...ts.linuxfoundation.org,
Chris Mason <clm@...clm>
Subject: Re: [Ksummit-discuss] [PATCH] CodingStyle: Inclusive Terminology
On Mon, Jul 06, 2020 at 10:56:17PM -0700, Kees Cook wrote:
> On Mon, Jul 06, 2020 at 09:29:46AM -0700, Andy Lutomirski wrote:
> > Is most contexts where 'whitelist' or 'blacklist' might be used, a
> > descriptive phrase could be used instead. For example, a seccomp
> > filter could have a 'list of allowed syscalls' or a 'list of
> > disallowed syscalls', and just lists could be the 'allowed' or
> > 'accepted' lists and the 'disallowed', 'rejected', or 'blocked' lists.
> > If a single word replacement for 'whitelist' or 'blacklist' is needed,
> > 'allowlist', 'blocklist', or 'denylist' could be used.
>
> Yup. See:
> https://lore.kernel.org/lkml/202007041703.51F4059CA@keescook/
> specifically the terminology for seccomp is already "allow-list" and
> "deny-list":
> https://github.com/mkerrisk/man-pages/commit/462ce23d491904a0b46252dc97c8cb42391c093e (last year)
> https://github.com/seccomp/libseccomp/commit/0e762521d604612bb4dca8867d4a428a5e6cae54 (last month)
>
> > Second, I realize that I grew up thinking that 'whitelist' and
> > 'blacklist' are the common terms for lists of things to be accepted
> > and rejected and that this biases my perception of what sounds good,
> > but writing a seccomp "denylist" or "blocklist" doesn't seem to roll
> > off the tongue. Perhaps this language would be better:
>
> I have struggled with this as well. The parts of speech change, and my
> grammar senses go weird. whitelist = adjective noun. allow-list = verb
> noun. verbing the adj/noun combo feels okay, but verbing a verb/noun is
> weird.
>
> And just using "allowed" and "denied" doesn't impart whether it refers
> to a _single_ instance or a _list_ of instances.
>
> But that's all fine. The change is easy to do and is more descriptive
> even if I can't find terms that don't collide with my internal grammar
> checker. ;)
How about yeslist and nolist? ;-)
> --
> Kees Cook
> _______________________________________________
> Ksummit-discuss mailing list
> Ksummit-discuss@...ts.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/ksummit-discuss
--
Sincerely yours,
Mike.
Powered by blists - more mailing lists