You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Sam Tunnicliffe (Jira)" <ji...@apache.org> on 2020/06/11 19:29:00 UTC

[jira] [Updated] (CASSANDRA-15862) Use "allow list" or "safe list" instead of the term "whitelist"

     [ https://issues.apache.org/jira/browse/CASSANDRA-15862?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sam Tunnicliffe updated CASSANDRA-15862:
----------------------------------------
    Test and Documentation Plan: Just CI for regressions
                         Status: Patch Available  (was: Open)

  I've updated branches from 2.2 to trunk. The only user-facing change is the {{org.apache.cassandra.db:type=BlacklistedDirectories}} mbean, which I've aliased to {{org.apache.cassandra.db:type=DisallowedDirectories}}. It's unfortunate, but I think we'll need to deprecate that in 4.0 and remove it later.

There's some binary test data (commit logs) which are found if you grep for the black/whitelist, but there's nothing in the actual tests which references their content so I've left them as they are. They're also already removed from trunk.

 
||branch||CircleCI||
|[15862-2.2|https://github.com/beobal/cassandra/tree/15862-2.2]|[circle|https://app.circleci.com/pipelines/github/beobal/cassandra/45/workflows/5e29a10f-1abf-430a-9c81-5ec27ef1e4de]|
|[15862-3.0|https://github.com/beobal/cassandra/tree/15862-3.0]|[circle|https://app.circleci.com/pipelines/github/beobal/cassandra/46/workflows/20c73b7f-9965-448b-93d1-f3e57ca40092]|
|[15862-3.11|https://github.com/beobal/cassandra/tree/15862-3.11]|[circle|https://app.circleci.com/pipelines/github/beobal/cassandra/48/workflows/45b7fdea-58f0-4c18-bb00-3de05c6faa59]|
|[15862-trunk|https://github.com/beobal/cassandra/tree/15862-trunk]|[jdk8|https://app.circleci.com/pipelines/github/beobal/cassandra/45/workflows/5e29a10f-1abf-430a-9c81-5ec27ef1e4de], [jdk11|https://app.circleci.com/pipelines/github/beobal/cassandra/47/workflows/036acc6f-b6e3-411b-a48d-ff1ff7f0d674]|

> Use "allow list" or "safe list" instead of the term "whitelist" 
> ----------------------------------------------------------------
>
>                 Key: CASSANDRA-15862
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-15862
>             Project: Cassandra
>          Issue Type: New Feature
>          Components: Legacy/Core
>            Reporter: Ash Berlin-Taylor
>            Assignee: Sam Tunnicliffe
>            Priority: Normal
>             Fix For: 2.2.x, 3.0.x, 3.11.x, 4.0-alpha
>
>
> Language matters. I'd like to remove all references in Apache Airflow to whitelist or black list, and the Cassandra Python API has some that we can't easily remove.
> The recent global events have made this even more relevant, but this has been on my radar for a while now. Here is a well written article for why I think it matters 
> https://www.ncsc.gov.uk/blog-post/terminology-its-not-black-and-white
> {quote}It's fairly common to say whitelisting and blacklisting to describe desirable and undesirable things in cyber security.
> However, there's an issue with the terminology. It only makes sense if you equate white with 'good, permitted, safe' and black with 'bad, dangerous, forbidden'. There are some obvious problems with this. {quote}
> My exposure to is via the Python API where there is the cassandra.pollicies.WhiteListRoundRobinPolicy class. I propose that this be renamed to AllowListRoundRobinPolicy instead. I do not know if there are other references.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org