On Fri, Sep 26, 2008 at 11:35:51AM -0500, Nicolas Williams wrote:
> On Thu, Sep 25, 2008 at 04:12:33PM +0200, Darren Reed wrote:
> > Nicolas Williams wrote:
> > >Or, better yet, why not replace "policy"/"apply_to" with "blacklist"/
> > >"whitelist"?
> >
> > This is bikeshed'ing...and you've forgotten grey...or is it gray and not grey?
>
> Yes, it is bikeshed painting. I knew that before I posted, but then,
> when it comes to security UIs, they'd better not be confusing, don't you
> think?
>
> I do, so I thought the comment worth making, even if it contravened ARC
> etiquette.
>
> > IMHO, I prefer to see relevant policy words that are in common use elsewhere
> > in the industry for control words. Nowhere else in [Open]Solaris do we have
> > the concept of "white" and "black" (that I'm aware of), so it would seem
> > extremely inappropriate to introduce that new concept here.
>
> Perhaps, but those terms ("whitelist" and "blacklist") are widely in use
> in general. And as for 'allow' being "the most restrictive mode" --
> that's confusing!
>
> Where else in Solaris do we have an example of such a design?

You have to bear in mind the property names as well. If the policy is
"allow" and is "applied_to" host x, then you'd expect host x to be
allowed and nobody else.

I found this not confusing; the converse would be.

Ceri
--
That must be wonderful! I don't understand it at all.
                                                  -- Moliere