From 43ba4de8262c7d1c0e290bed9731c0ccacad6c01 Mon Sep 17 00:00:00 2001
From: Eddie Webb <ollitech@gmail.com>
Date: Wed, 27 Feb 2019 08:41:34 -0500
Subject: [PATCH] Replace whitelist/blacklist with safelist/unsafe list

---
 InvalidFlag.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/InvalidFlag.md b/InvalidFlag.md
index 64b0c9b2..adfc6ac6 100644
--- a/InvalidFlag.md
+++ b/InvalidFlag.md
@@ -4,20 +4,20 @@ This page describes the background for build errors like `invalid flag in #cgo C
 
 [CVE-2018-6574](https://nvd.nist.gov/vuln/detail/CVE-2018-6574) described a potential security violation in the go tool: running `go get` downloads and builds Go code from the Internet, Go code that uses cgo can specify options to pass to the compiler, so careful use of `-fplugin` can cause `go get` to execute arbitrary code.  While it is difficult to block every possible way that the compiler might be attacked, we have chosen to block the obvious ones.
 
-As described at [issue 23672](https://golang.org/issue/23672), this is done by using a whitelist of compiler/linker options that are permitted during `go get`, `go build`, and friends.  When cgo code tries to use to pass an option that is not on the whitelist, the go tool will report an error `invalid flag in #cgo CFLAGS` (or `#cgo LDFLAGS`, `pkg-config --cflags`, `pkg-config --ldflags`, and so forth).
+As described at [issue 23672](https://golang.org/issue/23672), this is done by using a safelist of compiler/linker options that are permitted during `go get`, `go build`, and friends.  When cgo code tries to use to pass an option that is not on the safelist, the go tool will report an error `invalid flag in #cgo CFLAGS` (or `#cgo LDFLAGS`, `pkg-config --cflags`, `pkg-config --ldflags`, and so forth).
 
-This whitelist is new in releases 1.8.7, 1.9.4, and 1.10, and all subsequent releases.
+This safelist is new in releases 1.8.7, 1.9.4, and 1.10, and all subsequent releases.
 
 ## What can I do?
 
 If this happens to you, and the option is benign, you should do two things:
 1. Set the environment variable `CGO_CFLAGS_ALLOW` (or `CGO_LDFLAGS_ALLOW`, `CGO_CXXFLAGS_ALLOW`, and so forth) to a [regexp](https://golang.org/pkg/regexp/) that matches the option.
-2. [File a bug](https://golang.org/issue/new) requesting that the option be added to the whitelist.  Be sure to include the complete error message and, if possible, a description of the code you are building.
+2. [File a bug](https://golang.org/issue/new) requesting that the option be added to the safelist.  Be sure to include the complete error message and, if possible, a description of the code you are building.
 
-## Why not use a blacklist?
+## Why not use an unsafe list?
 
 Because if some new unsafe option is added to a compiler, all existing Go releases will become immediately vulnerable.
 
-## Why not get a complete list of compiler options and whitelist all of them?
+## Why not get a complete list of compiler options and safelist all of them?
 
 Because there are hundreds of options, and there is no clear way to get a complete list.  Many compiler and linker options are target dependent, and thus only reported on specific platforms or in specific configurations.  The documentation is known to be incomplete.
\ No newline at end of file