| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CALCETrWmK-b6apB57mp8oaSRNpcSLdoCFAXEp4EF-9LSUDNFBA@mail.gmail.com>
Date: Fri, 17 Jul 2020 09:47:23 -0700
From: Andy Lutomirski <luto@...nel.org>
To: Takashi Iwai <tiwai@...e.de>
Cc: Dan Williams <dan.j.williams@...el.com>,
ksummit <ksummit-discuss@...ts.linuxfoundation.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
SeongJae Park <sjpark@...zon.de>,
LKML <linux-kernel@...r.kernel.org>,
tech-board-discuss@...ts.linuxfoundation.org,
James Bottomley <James.Bottomley@...senpartnership.com>,
Dave Airlie <airlied@...hat.com>,
Christian Brauner <christian.brauner@...ntu.com>,
Dan Carpenter <dan.carpenter@...cle.com>
Subject: Re: [Ksummit-discuss] [PATCH v3] CodingStyle: Inclusive Terminology
On Mon, Jul 13, 2020 at 1:02 AM Takashi Iwai <tiwai@...e.de> wrote:
>
> On Wed, 08 Jul 2020 20:14:27 +0200,
> Dan Williams wrote:
> >
> > +Recommended replacements for 'blacklist/whitelist' are:
> > + 'denylist / allowlist'
> > + 'blocklist / passlist'
>
> I started looking through the tree now and noticed there are lots of
> patterns like "whitelisted" or "blacklisted". How can the words fit
> for those? Actually, there are two cases like:
>
> - Foo is blacklisted
> - Allow to load the non-whitelisted cards
>
> Currently I'm replacing the former with "Foo is in denylist", but not
> sure about the latter case. I thought Kees mentioned about this, but
> don't remember the proposal...
Hmm. In these cases, we're trying to convey one of two things. A
given device/platform/CPU/whatever could be known to be problematic
and thus disallowed, or we could have a policy that we generally don't
trust hardware but we have specific reason to believe that this
particular hardware is okay. After doing a highly scientific sampling
of a few cases, some of these are indeed lists and some are not.
If we're going to look for new words for these concepts, perhaps we
shouldn't focus on the *list* aspect -- after all, that's just a
rather popular implementation detail, but it's not the core concept
we're trying to express. As an example case, we have a horrible
concept in which some Intel CPUs support a form of memory failure
recovery, and there is no enumeration mechanism. Instead, there's a
list (sigh). So we could say "your CPU is whitelisted for
such-and-such," which at least gets the idea across, but saying "your
CPU is allowlisted for such-and-such" seems like a stretch. It's not
that we have a policy to allow things on the list -- it's that we
think that CPUs not on the list simply don't have the relevant
capability.
Here are some brainstormed ideas:
- Such-and-such feature is quirked off. (Or disabled due to a quirk.)
- Your device is not on the known-good list.
- Your device is not known-good. It might work anyway -- to try it,
set such-and-such option.
- Your device is known bad.
- Your device is busted and we think you should pressure the
manufacturer to fix it.
- Your device is too old and no longer supported.
- Seriously, you're trying to use an 80386 on a modern kernel? No
thanks. We think it's neat that you still have one that works,
though.
- (Specifically for modules and not part of the Linux kernel tree)
disable_autoload instead of blacklist, perhaps?
Part of my point is that we use blacklist and whitelist to mean
various things, and I don't think we should try to invent a couple of
new catch-all terms to replace them. Perhaps replacing these words
could be an opportunity to come up with better descriptions at the
same time.
Powered by blists - more mailing lists