
GitHub confirms it has blocked developers in Iran, Syria and Crimea - jmsflknr
https://techcrunch.com/2019/07/29/github-ban-sanctioned-countries/
======
dijit
Same as Gitlab then[0].

US Sanctions should not affect internet services (so long as they are provided
for free)[1], but political pressure appears to be very strong.

Personally I find it quite abhorrent, and would cite this as a reason not to
use US based companies in future.

[0]: [https://about.gitlab.com/2018/07/19/gcp-move-
update/](https://about.gitlab.com/2018/07/19/gcp-move-update/)

[1]: [https://www.treasury.gov/resource-
center/sanctions/Programs/...](https://www.treasury.gov/resource-
center/sanctions/Programs/Documents/ukraine_gl_9.pdf)

~~~
marcthe12
The thing I am woried is that harfbuzz is developed by Iranian developer. It
is an integral part of Linux font stack.

~~~
dijit
I would have said "move to git.kernel.org" but that's also hosted by a US
based provider:

    
    
        organisation:   ORG-PHI3-RIPE
        org-name:       Packet Host Inc
        org-type:       OTHER
        address:        30 Vesey Street, Suite 900, New York, NY 10007 US
    

And, obviously GNOME git servers are US based, since they're owned by
RedHat/IBM.

~~~
maze-le
Use a self hosted gogs installation ([https://gogs.io/](https://gogs.io/))
under your own domain and root server outside US jurisdiction.

~~~
nerdponx
GitLab is self-hostable as well, although I imagine Gogs is easier.

~~~
dijit
Gitlab is actually super easy if you keep to the omnibus installation methods
or docker image.

The only problem regarding gitlab is resource consumption.

------
majia
If Crimea was unwillingly annexed by Russia, then the sanction is punishing
the victim instead of the criminal. If Crimea people genuinely supported the
unification with Russia and received sanction for that, then it is a blatant
attack on Crimean people's freedom.

~~~
PunchTornado
pff, ridiculous comment. a region doesn't have the right to attach itself to
another state.

think about it. a bunch of russians move to somewhere near grand canion, do a
referendum and then proclaim it russian territory.

~~~
dijit
There aren't many examples of Unification, but there are examples, maybe this
wouldn't be considered one of them.

My home country for instance is the "United Kingdom" which is made of up of
countries/territories that unified many hundreds of years ago.

There's other examples such as the formation of Italy:
[https://en.wikipedia.org/wiki/Italian_unification](https://en.wikipedia.org/wiki/Italian_unification)

However, if it's not annexation it's probably better described as "ceding"; an
American example: France ceded Louisiana to the United States by the treaty of
Paris, of April 30, 1803. Spain made a cession of East and West Florida by the
treaty of February 22, 1819.

Cessions have been severally made of a part of their territory by New York,
Virginia, Massachusetts, Connecticut, South Carolina, North Carolina, and
Georgia.

~~~
galangalalgol
unified is a proper term perhaps but at the time the gaelic speaking peoples
would have probably used conquered or maybe colonized.

~~~
dijit
This is not an appreciable understanding of history. If talking about the UK
specifically.

------
cardigan
Posting Nat Friedman's tweets here so they're easier to read - they're doing
more than most companies about the whole thing, not sure where the vitriol in
these comments is coming from:

It is painful for me to hear how trade restrictions have hurt people. We have
gone to great lengths to do no more than what is required by the law, but of
course people are still affected. GitHub is subject to US trade law, just like
any company that does business in the US.

To comply with US sanctions, we unfortunately had to implement new
restrictions on private repos and paid accounts in Iran, Syria, and Crimea.

Public repos remain available to developers everywhere – open source repos are
NOT affected.

The restrictions are based on place of residence and location, not on
nationality or heritage. If someone was flagged in error, they can fill out a
form to get the restrictions lifted on their account within hours.

Users with restricted private repos can also choose to make them public. Our
understanding of the law does not give us the option to give anyone advance
notice of restrictions.

We're not doing this because we want to; we're doing it because we have to.
GitHub will continue to advocate vigorously with governments around the world
for policies that protect software developers and the global open source
community.

~~~
hkai
It's crazy how Trump imposed these restrictions against innocent people and
got away with it.

~~~
mrtksn
I don’t think that it would have been different if someone else was the
president. Pre-Trump I had a vacation in Cuba and since I knew that the
internet is a luxury there I made Spanish available offline on Google
Translate. Works great, then I made the mistake to launch the app when I hade
one hour access to the internet in Havana and puff translate is gone. I’m not
allowed to use it there. That surely destroyed the communists.

~~~
yxhuvud
When it comes to Iran, it definitely would have been different, considering
that it was Obama that made the deal that Trump decided to break.

~~~
mrtksn
Oh definitely, my comment was intended to highlight how blunt these tools are.

------
mugsie
The US trade restrictions are pretty far reaching. They block companies
trading with countries and companies on entity list . It also bans US
companies from dealing with companies that deal with countries and companies
on the list.

So let us look at this:

1\. GitHub becomes a Maltese company. 2\. GitHub allows Iranian users to use
all features 3\. No US company could buy a GitHub Enterprise licence, or a
private org.

The export restrictions don't let them notify people that the ban is coming -
once they identify the users that are under the Export Restrictions, allowing
them to download (aka export) their repos is a breach. They did as much as
they could to allow them to keep their accounts at all (and this is only due
to export restrictions having exclusions that cover "publicly available
source").

GitHub did what they had to do to avoid being censured by the US Gov, and did
it better than a lot of other tech companies recently, by leaving some level
of access.

If you don't like the ban, and you are in the US, contact your elected
representatives, and let them know - it is the only way it changes.

~~~
miracle2k
That's not true. There are already many non-US companies who are providing
services to Iran in the same sense that Github is providing services, and
those companies are also having US clients, proving that it can be done.

Now, if a Maltese-Github were specifically designated by OFAC, then sure. But
that's fairly unlikely.

~~~
mugsie
> and those companies are also having US clients, proving that it can be done.

Proving they haven't been caught, or may not even know about the US Dept of
Commerce entity list.

~~~
miracle2k
Yes, in a way they haven't been caught. However, I want to point out that only
US companies and persons are obligated to follow the sanctions. The reason why
foreign companies might also follow them is because they don't want to end up
being designated themselves.

And this is not realistically going to happen unless you are a large
multinational, bank, or doing business in sensitive sectors.

Not actively blocking accounts identified as Iranian is not even the same as
specifically trading with Iran. Like many smaller US-based web-services who
also do not actively block, Github might well have gotten away with it as
well, like the did the last couple of years.

A Maltese-based company not blocking Iranian users might be designated, but
unless they are, and it is pretty unlikely that they would be, they are doing
nothing wrong under US law.

~~~
mugsie
The real risk is to their US end users - if a US company is found to have
commercial dealings with a company that has commercial dealings with Iran / N.
Korea etc, the US company is in breach of the regulations.

So in this case, if Bank of America had a company subscription with this
hypothetical Maltese GitHub, BoA would be in breach, and could face sanctions
(and this would probably cause the Maltese GH to get on the entity list as
well)

------
snitko
We made it point now to avoid all US-based services. While we're not affected
by the sanctions yet, it seems like it is a possibility in the future. There's
really not a lot of reasons to use Gitlab or Github or Slack or a number of
other services. They're not exceptional in any way and can be replaced by
other open-source or commercial projects.

~~~
diminoten
Convenience and speed aren't reasons?

You're handicapping yourself against your competitors, and no one who does
that lasts very long.

~~~
snitko
Don't see it that way. If I set up a process once, using software that's been
tested and been around for a while, it's extremely convenient. And free. And
there's no risk of deplatforming.

~~~
diminoten
You're completely ignoring feature parity, among many, many other things in
your oversimplification...

Ask any founder here: people don't generally randomly throw money without
getting value; ergo these multibillion dollar services you're pretending are
entirely replaceable with free tools offer some additional value .

~~~
snitko
I'm a founder. I'm extremely careful not throwing money. And I'm especially am
aware of the changing environment. The internet is no longer free. You depend
on a third party, you lose. The only true way is to gradually build your own
infrastructure as you grow.

~~~
diminoten
That's fine, but pretending like this is an objectively superior solution and
the value prop of these companies doesn't exist is flat wrong.

What if someone applied your own logic to buying your product (why pay when I
can get the exact same thing from free tools)? It'd be annoying and generally
wrong, wouldn't it?

~~~
snitko
I'm happy to pay. To me, however, the value lies in predictability,
sustainability and avoiding the risk of deplatforming. Tech companies come and
go and are subject to political issues (as proven by Github). Thus, sometimes,
it's wiser to pay engineers to set things up than buy a product/service.

~~~
diminoten
You're shifting the conversation though, this wasn't about what your
priorities are it was about whether or not the products provide value. You
claimed they don't, you are now saying they do provide value?

~~~
snitko
I never said those products don't provide value, I only said they're not
exceptional in providing that value and that value can be obtained by
carefully considering alternative solutions.

~~~
diminoten
> There's really not a lot of reasons to use Gitlab or Github or Slack or a
> number of other services.

That is completely different from what you are saying now...

Also, "that value can be found elsewhere" is a devious little shift in the
meaning of the word "value" in "value prop". Nice try but no, that isn't the
same thing.

------
blodovnik
I know lots of Iranian people and they are universally kind generous lovely
people.

I hate the way Iran is demonized so politicians can point out an enemy.

We were flat out lied to about Iraq. Demonization of Iran is no different.

~~~
raxxorrax
Irans government is pretty backwards. The Iranian society is and was much more
open a few decades ago. Truly a sad story of development in the completely
wrong direction.

~~~
ashelmire
Have you seen the US lately? We're en route to undoing Roe v Wade, the Civil
Rights Act, years of progress on other matters, etc, and we've already
basically given up on functional democracy by allowing corporations to spend
as much as they want on candidates. What do they say about those in glass
houses...?

~~~
ApolloFortyNine
The female lawyer who defended a woman who refused to wear a hijab was
sentenced to 38 years in prison and 148 lashes. [1]

Homosexuality is punishable by death. [2]

Please don't act like the problems you see in the U.S are the same problems
they have in Iran.

[1] [https://www.washingtonpost.com/opinions/global-
opinions/she-...](https://www.washingtonpost.com/opinions/global-opinions/she-
defended-iranian-women-who-removed-their-hijabs-now-shes-been-given-38-years-
in-
prison/2019/03/17/b1720fea-45b1-11e9-aaf8-4512a6fe3439_story.html?utm_term=.dbb3b95bf7dc)
[2] [https://www.usatoday.com/story/money/2019/06/14/countries-
wh...](https://www.usatoday.com/story/money/2019/06/14/countries-where-being-
gay-is-legally-punishable-by-death/39574685/)

~~~
sixQuarks
Don't forget it was the US that destroyed Iran's democracy in 1953, installed
a puppet dictator, leading to the islamic revolution we see today.

------
Alir3z4
There's a repository that has made many aware of such problem
[https://github.com/1995parham/github-do-not-ban-
us](https://github.com/1995parham/github-do-not-ban-us)

As an alternative for Iranian developers and any other who was affected by
such problem, I've setup [https://gitfoo.com/](https://gitfoo.com/)

It's a hosted version of gitea. I have enough resources and interest to
maintain and keep it going.

------
raesene9
To me, this is another example of the "splinternet" phenomenon where the
Internet is, in some ways, moving to become less of a universal resource and
more regional in nature.

It's a shame, as a lot of benefit has been derived from having globally
available information exchange, but it seems the trend is for regions or
nation states to want more control over Internet based resources, as they
become more important to the operation of those countries.

------
mythz
There's a lot of misinformation in this thread, from GitHub CEO [1]:

"It is painful for me to hear how trade restrictions have hurt people. We have
gone to great lengths to do no more than what is required by the law, but of
course people are still affected. GitHub is subject to US trade law, just like
any company that does business in the US."

"To comply with US sanctions, we unfortunately had to implement new
restrictions on private repos and paid accounts in Iran, Syria, and Crimea.

Public repos remain available to developers everywhere – open source repos are
NOT affected."

"The restrictions are based on place of residence and location, not on
nationality or heritage. If someone was flagged in error, they can fill out a
form to get the restrictions lifted on their account within hours.

More info is on our policy page: [https://help.github.com/en/articles/github-
and-trade-control...](https://help.github.com/en/articles/github-and-trade-
controls) "

GitHub is just complying with US trade law, it's not just because they're a US
company, any company doing business in the US also has to comply.

[1]
[https://twitter.com/natfriedman/status/1155311121038864384](https://twitter.com/natfriedman/status/1155311121038864384)

------
petercooper
I'm curious.. why is this very suddenly an issue? Haven't countries like Iran
and Syria been under embargo for years? Have more restrictive laws around
sanctions been passed in recent weeks?

~~~
umanwizard
I’m not sure but I suspect the change is due to GitHub having been bought by
MS which has more competent (or more paranoid.... or maybe just more) lawyers.

------
freestate
How about someone build a platform that is freely available that pushes to
github from a not banned Location. Or just stop using github and create or
find a truly free platform.

~~~
amdavidson
Don't build a system to circumvent sanctions if you're within the reach of the
US Government, AKA much of the world.

[https://en.wikipedia.org/wiki/List_of_United_States_extradit...](https://en.wikipedia.org/wiki/List_of_United_States_extradition_treaties)

~~~
jwieczorek
There's room for building instruments like this at a state-sponsored level in,
say, the EU. The EU has already been working on a special clearing house that
would help European businesses circumvent the US-imposed sanctions.

[https://www.aljazeera.com/news/2019/06/system-circumvent-
san...](https://www.aljazeera.com/news/2019/06/system-circumvent-sanctions-
iran-ready-german-fm-190610070011253.html)

~~~
A4ET8a8uTh0
You are not wrong on facts. The problem for Iran is that EU does not really
seem to want to actually do anything other than words and vague promises.
Instex was a promise of sorts, but UE chickened out ( for a good reason after
most govn. representatives including Lindsay said something along the lines u
either wiff us or against us ). One of the reasons Iran grabbed a ship was to
pressure EU to make it an actual option and not a talking point.

------
TazeTSchnitzel
‘[…] services such as access to public repositories will remain available to
everyone, […] “This includes limited access to GitHub public repository
services (such as access to GitHub Pages and public repositories used for open
source projects), for personal communications only, and not for commercial
purposes.”’

------
mehdix
Assuming that this is a Cuba, Iran or Syria problem is misleading, even though
it renders most of things that I've made in my free time useless.

Having free access to open source code is important. As a developer I'd try to
self-host more and try decentralized solutions instead of relying on corporate
entites to protect my interests.

------
kerblang
Saw some other debate in here about whether the law applies only to countries
or also to individuals... Here's two federal govt lists of banned individuals:

[https://www.bis.doc.gov/index.php/the-denied-persons-
list](https://www.bis.doc.gov/index.php/the-denied-persons-list)

[https://www.treasury.gov/resource-center/sanctions/SDN-
List/...](https://www.treasury.gov/resource-center/sanctions/SDN-
List/Pages/default.aspx)

------
Flip-per
That's a great opportunity to build similar code-hosting platforms (and other
software/services) outside of the US. Just for political reasons many people
might like to switch...

------
badrabbit
Good time to advocate ipfs!

[https://docs.ipfs.io/guides/examples/git/](https://docs.ipfs.io/guides/examples/git/)

------
mr__y
Thankfully github is not a walled garden and repo can be moved to any other
public or self-hosted git (well, at least the code itself). Or, as someone
already suggested, use an external service/server that pushes the commits into
git(hub|lab) repo. Git also seems to be relatively easy to work in a federated
ecosystem - the only problem to be solved is read/write access in such
environment.

------
jlengrand
I'm curious to hear what Gitlab has to say about this, or if they will have
some kind of official communication specifically on that matter.

~~~
yuchi
See [https://about.gitlab.com/2018/07/19/gcp-move-
update/](https://about.gitlab.com/2018/07/19/gcp-move-update/)

~~~
jlengrand
Yes, thanks!

~~~
miracle2k
Note that this is not quite the same. Gitlab made a technical decision to move
to Google Cloud, and Google Cloud has its own, much more outrageous block on a
network level.

Gitlab not being accessible from Iran is a by-product of that move, not a
conscious decision Gitlab made.

Arguably, if I create a Gitlab Account using a VPN but put country of
residence "Iran", and Gitlab lets me do that, then Gitlab does not have the
same policy has Github.

~~~
jlengrand
Ha, good additional info indeed. I took the Github post as in "if I'm in Iran
but use a VPN, and set Iran as country of residence I'm fine".

------
floor_
How are private repos handled in this situation? From what I remember private
repos go public if you fail to pay for them after a month.

------
kekebo
Are there currently any serious competitors to Github/Gitlab (or instances of
the latter) outside the reach of US politics?

------
stunt
I think that's a fair answer and is totally understandable from Github's
standing point.

Wish they could give a heads up earlier.

------
aerojoe23
I think it is interesting and a shame that we accept centralized issue
tracking at all. Git is wonderfully distributed, probably in more than most of
the github users realize. Unless they've gone out of their way to learn about
it.

When things like this (github's ban) happen, I think it is too bad that we
don't have a widely accepted issue tracker built into git. To be a little more
clear, you'd get all of the source and all the issues when you clone or pull.
Updating would work just like updating files when you push.

Microsoft has appeared to start loving open source. I'm sure there are people
there that do, but Microsoft itself I wouldn't be so sure. The are certainly
embracing it.
[https://en.wikipedia.org/wiki/Embrace,_extend,_and_extinguis...](https://en.wikipedia.org/wiki/Embrace,_extend,_and_extinguish)

~~~
jayshua
I mean, you could just make a folder with a text file in it for each issues.
People can write comments in it. Move them into a "complete" folder when done.
Write down who it's assigned to at the top. You wouldn't get some of the more
complex features of course, but I'm not sure a git built in issue tracker
could do most of that anyway. Not clear how it could send email notifications?

------
jokoon
I wonder is those could be related to cyber security measures, not political
measures.

~~~
red_admiral
Very unlikely in my opinion - if the Iranian Revolutionary Guard did want to
attack something, I doubt they would do it from an IP address in their own
country. I'm sure they have a decent botnet or two somewhere else, that's like
opsec 101.

Similarly, although Crimea specifically is now IP-banned, the rest of the
Russian Federation is not.

This is exactly what it looks like: a political sanction.

------
mohas
This is what happens when mega companies take over, they helped to make github
what it is today just like every body else, and banning them without any
notice just to see them suffer, that's low

------
unnouinceput
"GitHub confirms it has blocked developers in Iran, Syria and Crimea" \- you
mean Microsoft, right? Because last I checked Microsoft bought GitHub, fully!

------
kerkeslager
As far as I know, SourceHut[1] is still available everywhere.

[1] [https://sourcehut.org/](https://sourcehut.org/)

EDIT: I stand corrected.

~~~
Sir_Cmpwn
Sourcehut is US operated and I cannot accept users from sanctioned countries.
You can run your own instance if your legal circumstances differ, but you
cannot use the official hosted version.

~~~
kerkeslager
As other users have pointed out, the sanctions don't apply to internet
services as long as they are provided for free[1]. So this is political
pressure, not legal requirement.

I'm disappointed that you've chosen to give in to the political pressure. I
posted about SourceHut to promote your service because I thought you were
doing something better than the big guys.

[1] [https://www.treasury.gov/resource-
center/sanctions/Programs/...](https://www.treasury.gov/resource-
center/sanctions/Programs/Documents/ukraine_gl_9.pdf)

~~~
Sir_Cmpwn
SourceHut accepts payments and will eventually become paid-only. I am a one-
man operation and I don't have the legal wherewithal to stand up to the
government. You can tell me how this legal fight fits into our budget, the
finances are public:

[https://lists.sr.ht/~sircmpwn/sr.ht-
discuss/%3CBVRVZEWYB30Q....](https://lists.sr.ht/~sircmpwn/sr.ht-
discuss/%3CBVRVZEWYB30Q.3HGIC803LDBH7%40homura%3E)

I have to prioritize the health of the service for everyone above the needs of
a few people.

------
Reason077
Wait, Crimea's on the sh*tlist now too? Is this new?

~~~
NovemberWhiskey
No; this goes back to 2014.

[https://www.treasury.gov/resource-
center/sanctions/Programs/...](https://www.treasury.gov/resource-
center/sanctions/Programs/Documents/ukraine.pdf)

------
ksajadi
Is there an easy to understand guide for SaaS businesses to be compliant with
these specific sanctions?

~~~
sdinsn
Yes: don't provide any products or services to Iran, Syria, North Korea, or
Crimea.

~~~
A4ET8a8uTh0
Uhh. I am sure you know that there exception to every rule. Hell, even current
set of Iranian sanctions have them.

------
jhthenerd
Looks like it's time to switch to decentralized git repositories

------
PopeDotNinja
Will they start blocking VPN access ;(

------
ralmidani
I despise all 3 regimes, but these sanctions harm the people more than they
harm the regimes. Sanctioning Crimea specifically makes no sense whatsoever.
Why not instead sanction Putin who, you know, is the one who occupied Crimea?

------
njudah
This thread is a useful reminder to US citizens that if you haven’t registered
to vote, its a great idea to do so. The margins of victory in 2016 were small
enough (in swing states) that a mobilized hackernews community could have made
the difference.

~~~
kickopotomus
This move has little to do with the current political climate and is more so
associated with risk reduction from Microsoft as technology and regulations
regarding technology (see Facebook) are coming into focus.

All companies that do business with the US are required to abide by the Export
Administration Regulations (EAR)[1] which prohibits exports (unless explicitly
exempt) to sanctioned countries. The US has had sanctions on Iran since
1987[2].

This move would have likely happened regardless of who is in the White House.

[1]:
[https://en.wikipedia.org/wiki/Export_Administration_Regulati...](https://en.wikipedia.org/wiki/Export_Administration_Regulations)

[2]:
[https://en.wikipedia.org/wiki/United_States_sanctions](https://en.wikipedia.org/wiki/United_States_sanctions)

