Use "allowlist" and "blocklist" rather than "whitelist"

[bnb]

The terminology "whitelist" and "blacklist" are used in a way that mean "good, blessed, permitted, positive" and "bad, forsaken, forbidden, negative" respectively. These are problematic in our society for reasons that are relatively obvious.

Instead, it would be preferable to use "allowlist" and "blocklist" or "allowlist" and "denylist" where the terminology is present.

I'm happy to submit a PR to make changes where relevant. I wanted to get a +1 from the maintainers via an Issue first, however, so as not to be particularly intrusive with a PR that is focusing on a negative.

If the use of spdx-whitelist is a blocker, I'm also happy to help do work there and in its upstream dependencies to update its terminology or help rename and republish it to spdx-allowlist or whatever other terminology that is preferred.

References on others doing this same thing/discussing the subject:

• https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6148600/
• https://www.zdnet.com/article/uk-ncsc-to-stop-using-whitelist-and-blacklist-due-to-racial-stereotyping/
• https://blog.talosintelligence.com/2020/06/talos-replacing-blacklist-blocklist-allowlist.html
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=49decddd39e5f6132ccd7d9fdc3d7c470b0061bb

[ljharb]

Renaming the dep seems the only thing that's particularly onerous; everything else can be done in a semver-minor or semver-patch way. I'm on board, even if it's for "everything but renaming the package".

@kemitchell?

[kemitchell]

I have very little bandwidth ATM. @ljharb do you have perms to get this done?

[ljharb]

I'm pretty sure I have merge perms everywhere needed, at least - if you're ok with it, I'll let @bnb put up the PRs, and I'll get them landed, and then if at that point I'm missing any permissions, I'll ping you here?

(hope you recover soon!)

[bnb]

Hope you feel better soon @kemitchell ❤️

@ljharb I'll get a PR up this week.

[bnb]

closing since #73 was merged :)