[em-bee]

i am not sure we are getting anywhere with this argument. i don't really see the point. when a list has a fixed number of possible entries, then the difference between whitelist and blacklist is purely academic. the result is exactly the same.

[fastball]

You seem to be talking about reciprocal lists (blacklist of 3 -> whitelist of 247, whitelist of 10 -> blacklist of 240, etc), which is not what OC was talking about. OC was specifically talking about going from a "small whitelist" to a "small blacklist". Not a "large whitelist to a small blacklist" and certainly not anything the other way around.

Whitelist with 3 countries: I have vetted three countries, and know my employees can operate in those countries legally without issues.

Blacklist with 3 countries: I either need to vet 247 countries to ensure my employees can operate there legally, or I am just assuming that those 247 countries are fine without actually doing the due diligence.

Again, going from a blacklist of 3 countries to a whitelist of 247 countries is obviously not an issue. You're operating on the same data. The issue is going from a whitelist of say 3 countries and then not going to a reciprocal blacklist of 247 countries, but a much smaller blacklist of 3. This is what Gitlab has effectively done in OC's estimation. That either means you vetted those 244 extra countries that are now on your "whitelist", or you're making a lot of assumptions.

[em-bee]

you are right, i completely misread that.