Hi everyone, I have just opened a PR to rename the few of the remaining instances of whitelist or blacklist in our code base. (There weren't many.) There are some we can't remove yet (because they are modules/classes/config from external modules. I have opened issues in those projects for most of them)
It's fairly common to say whitelisting and blacklisting to describe desirable and undesirable things in cyber security. Just because it is common doesn't mean it's right. However, there's an issue with the terminology. It only makes sense if you equate white with 'good, permitted, safe' and black with 'bad, dangerous, forbidden'. There are some obvious problems with this. You may not see why this matters. If you're not adversely affected by racial stereotyping yourself, then please count yourself lucky. For some of your friends and colleagues (and potential future colleagues), this really is a change worth making. From now on, we will use 'allow list' and 'deny list' in place of 'whitelist' and 'blacklist' wherever possible. Which, in fact, is clearer and less ambiguous. So as well as being more inclusive of all, this is a net benefit to our understandability. (Words mostly borrowed from https://www.ncsc.gov.uk/blog-post/terminology-its-not-black-and-white) And to reaffirm the trailer from that blog post: If you’re thinking about getting in touch saying "this is political correctness gone mad", or "what's the big deal", don’t bother. If that is your view then you are not welcome in this community. The PR is https://github.com/apache/airflow/pull/9174 -ash
