
Gitlab's Director of Risk and Global Compliance Resigns - FLIINO
https://www.reddit.com/r/gitlab/comments/dtfccm/gitlabs_director_of_risk_and_global_compliance/
======
rdslw
Candice Ciresi (aforementioned director) commented: "As I believe GitLab is
engaging in discriminatory and retaliatory behavior, I have tendered my
resignation."

E-mail notification (her resignation):
[https://i.imgur.com/AE8UtvD.png](https://i.imgur.com/AE8UtvD.png)

First time it was edited:
[https://i.imgur.com/7N7mTC2.png](https://i.imgur.com/7N7mTC2.png)

Current version:
[https://i.imgur.com/YjWmpGk.png](https://i.imgur.com/YjWmpGk.png)

~~~
cjbprime
This:

We will not tolerate Very Serious Charge X. This post did not do X, but other
people did and this post says something critical of us so we removed it.

construct is quite something.

~~~
dplanella
For clarity and for the context of this thread => From GitLab: We did decide
to moderate this post for review, as there have already been credible personal
and physical threats against GitLab employees in this issue thread. GitLab
cannot tolerate posts that threaten our employees (or anyone) personally, or
posts that we believe may further inflame threats that have already been made.
While this particular post did not contain a personal threat to anyone, we
were concerned it would further inflame this situation. We understand that
those who follow the issue already received the comment.

~~~
dev_by_day
You can stop copy and pasting this response everywhere, it's already in the
screenshot.

Censoring a respectful employee resignation, regardless of whatever "spin" you
try to justify it with, is not a good look for your company.

You're guideline here is basically it makes gitlab look bad and you want to
hide it to avoid further negative feedback. The thread is already locked so no
further trolling can be posted in that thread.

~~~
Acatalepsy
I am not at all surprised if it was the VP of Engineering, the author of the
issue, who would be the one to censor her resignation. It would not be the
first time he would be spinning things around and creating a culture of fear.
I am not at all surprised she would face retaliation.

~~~
dang
No personal attacks please. They only hurt, not help, and any substantive
point can be made without them.

[https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html)

------
dessant
I was expecting Paul Machle (CFO) to resign, at least they seem to be
completely divorced from the values that GitLab was built upon.

> I don’t understand. This should not be an opt in or an opt out. [Telemetry]
> is a condition of using our product. There is an acceptance of terms and the
> use of this data should be included in that.

[https://gitlab.com/gitlab-
org/gitlab/merge_requests/14182#no...](https://gitlab.com/gitlab-
org/gitlab/merge_requests/14182#note_203849107)

~~~
Operyl
Honestly, it's the end of an era for Gitlab it seems to me. The CFO's views
are going to become the new norm, and I doubt there's much the CEO will do to
course correct (since this latest issue seemed to involve him with a big
client contract?). I expect another "we're sorry, we won't do it again!" as
we've gotten the past few times, but I am trusting those less and less.

~~~
dessant
The general direction of GitLab can also be steered by employees. They could
organize, publish a statement, and refuse to check in for work on Monday.

It all depends on how many GitLab employees believe strongly enough in these
values, and how many are willing to take some risks and defend the company and
its values.

~~~
AnonGitLabEmpl
I've thought about this a lot. We could, but we are all literally terrified
for our jobs and of retaliation.

~~~
echelon
> we are all literally terrified for our jobs

Life as an employee shouldn't be like that. I think GitLab is in a unique
situation since a lot of y'all are remote and there aren't a lot of comparable
positions available.

We need more remote working opportunities, because when there are just a few,
the companies that allow it are able to string along their employees.

~~~
AnonGitLabEmpl
Absolutely. I think this is one of the strongest things keeping people here.
The golden handcuffs. Everything sucks, but our situation is unique. Many
positions have lots of personal freedom such as flexible working hours. You
can work from wherever, you can travel. That's hard to leave.

~~~
notus
If you're not averse to working for startups there are a lot of opportunities
out there. I actually got rejected by gitlab and then got an offer from a
startup for more money than I would have gotten at gitlab. There's quite a few
remote first places out there too like Duck Duck Go, Mattermost, Zapier,
Auth0, Automattic, Stripe just added a remote division but not remote first,
Invision, just off the top of my head. I get changing jobs is full of
uncertainty but don't sell yourself short either, the market has changed quite
a bit probably since you were last actively looking.

------
lacker
To me this seems like a huge self-inflicted mess by GitLab. Normal companies
don’t make touchy personnel issues public. Things like “we need to stop hiring
Russian employees onto the support team because clients disapprove”. It’s cool
to be so open in an abstract sense, but watching this play out in public
really just makes me want to not air this sort of issue out in public when it
comes to my own workplace.

~~~
dustinmoris
There's nothing cool even in an abstract way if you're discrimminating people
based on race and heritage in a public way. It's called racism and bigotry and
the more public it is the more disgusting it is.

~~~
tracker1
It's not a matter of race, it's a matter of location... GitLab has made the
decision to not allow administrative (or any?) roles for those located in
Russia or China. It's not about race, from what I can tell.

Russia and China engage in state sponsored industrial espionage, hacking and
sometimes destructive measures frequently. Of course others have as well, but
not nearly to anything resembling the same level and scale.

It got so bad at work, we had to block the entire country subnets at our
routers. I would also think that most corporations would probably not allow
for this. While the recent South Park episodes show a lot of humor, they don't
even scratch the surface of how bad things are and how much internal influence
and coercion those countries have on their residents.

Some of the best programmers I've worked with in my career are expats from
China and Russia, including running a dev team out of China a while back, but
I absolutely would not want to do significant (software/development/it)
infrastructure business with residents of those countries in practice. It's
unfortunate in the software development space in particular.

------
helen___keller
Ignoring for a second the ethics of hiring bans around particular countries, I
find it interesting that this is in a way a problem that _uniquely_ belongs to
a distributed organization

In a traditional organization, none of your employees will reside in country X
unless you actively open an office in that country. The organization may
choose to develop satisfactory IT controls and administration tools before
doing so, or simply not do so at all.

For a distributed organization like Gitlab, there is a presumption that
employees live where they want unless told otherwise. Hence, the pains that
Gitlab is going through now.

~~~
siruncledrew
Another interesting aspect to a globally distributed team like this is how
it's inherently uncertain how the business will be impacted by dynamic
geopolitical changes/rules across the world.

Here it's about China and Russia. But the next day it could be government
pressure on hiring bans in Pakistan or Indonesia or South Africa or Peru based
on whatever countries are in a spat at the moment.

What happens to the current employees then? "Sorry, you're fired"?

~~~
zndr
When ukraine was starting it's revolution in 2013/4, and it was unclear what
was going to happen in the country, if it would break into war, or just become
some place we could no longer keep our 250 employees, my HR team came to talk
to me.

I had 12+ employees there and they asked me to write down the names of 3.
Those 3 would be the ones we would try to extricate from a country descending
into war should that happen. Them, their wives, and their children.

How the fuck do you make that decision?

~~~
dredmorbius
As best you can.

In December 2018, news broke that Charlotta Turner, Professor in Analytical
Chemistry at Lund University in Sweden, arranged for mercenaries to rescue a
doctoral student and his family from the Islamic State.

[https://www.telegraph.co.uk/news/2018/12/13/swedish-
universi...](https://www.telegraph.co.uk/news/2018/12/13/swedish-university-
rescues-student-isil-warzone-daring-mercenary/)

Organisations do this. Resources are limited.

------
jlgaddis
Mark my words: the transparency at GitLab -- that we are all familiar with and
very appreciative of -- will soon end.

I don't care what your company does or what industry you are in, pretty much
any decision you make is going to piss _somebody_ off -- "you can't please all
the people all the time" and all that.

This is made worse by today's highly divisive political climate. We've seen it
recently where a company does _something_ , gets attacked for it, changes
their mind, then gets attacked for _that_.

It's bad enough for "non-transparent" companies but it's even worse for a
company like GitLab -- when everyone in the world can (and will!) "attack you"
for any decision you make.

GitLab's transparency will come to an end. That's bad because there are others
who are sitting back, waiting to see how this "transparency experiment" turns
out -- and they'll decide that operating their company in the same manner is
_NOT_ the way they should go.

I miss the days when we could agree to disagree on things and not get so damn
"offended" at all the time.

~~~
rossmohax
When company makes a decision against Director of Compliance advice, when she
is given responses like (paraphrasing): "if we want to stay compliant, we'd
lose these lucrative contracts, are you prepared to answer for you
decisions?", what else she's left to do other than resign? It is not about
polarized world, it is about having a dignity.

~~~
jcims
Compliance (or lack thereof) is just one element of risk that a company has to
face. The folks that take those jobs are typically risk averse and struggle to
move quickly, as one might imagine. You can't let them run the company or
you're going to get destroyed by less apprehensive competition, but if you
ignore everything they say you're running a completely different set of risks.
It's a balance, like everything else in risk management.

Her decision to leave is obviously a personal one. Bailing over one
disagreement seems a bit unsustainable from a career standpoint, but there
could be a track record or she could feel exposed by the public nature of the
conversation.

~~~
jiveturkey
I give her more benefit of the doubt.

If you express strenuous disagreement and are in an _officer_ role, when your
"advice" is only treated as advice to follow or ignore, you have to take a
stand if you believe in yourself. Because it's your head that's going to roll
when this chicken comes home to roost. Better to go out with honor and
preserve your integrity, in some cases.

Well, it's either that or she completely misjudged the position offered her.
Seems gitlab didn't want an officer in this position but rather just a VP with
an officer title.

------
dev_by_day
An important point to communicate here is this is based on someone's
geographic residence, not their ethnicity or nationality.

An American living in China or Russia would be subject to the same policy of
not being hired. A Chinese or Russian person living in Europe would still be
eligible for employment.

~~~
yani
IMO 99.9% of remote workers from a country are also citizens of the country.
The only difference would be top expat/nomad countries.

~~~
filoleg
The parent comment has never mentioned citizenship, only country of residence
and nationality. As long as a Chinese/Russian/etc. national resides in one of
the non-banned countries and can get hired just as well as any other national
(regardless of whether they have a citizenship of the country they reside in
or not), everything is alright in my book, because it has nothing to do with
them on a personal level.

------
joshuakelly
I wonder if GitLab has reached an inflection point in team-size where the
traditional trappings of corporate behaviour will overcome its
transparent/open culture. I wonder what the limit of global and remote really
is?

~~~
Jasper_
Most startups are quite transparent until they hit a big backlash "inflection
point" and realize they outgrew that culture. Even GitHub used to be that way.

Radical transparency works for small startups with heavy us-against-them
cultures, a mutual agreement on who the enemy is, but when it starts facing
tough challenges from the inside is when that starts to disappear.

~~~
AnonGitLabEmpl
Can confirm, transparency is rapidly degrading internally too.

~~~
omani
leave the ship before it is too late. I speak from experience.

~~~
icebraining
Frankly, I find this comment surprising. "Lack of transparency" describes 80%
of the companies I have worked at. If Gitlab losing its radical transparency
is a reason to jump ship, to where would one go?

~~~
omani
funny you are talking about transparency while I refer to companies who care
for politics.

Im talking about environments where you cant express your free opinion or have
to apply to rules because of "politics".

back in the days we were just working. we cared about technology. those in
control cared for money. which was absolutely fine.

today, you have to fit in some weird rules and companies play governments. if
you talk negative (by eg expressing your free will) you get redacted.

thus has nothing to do with transparency btw. the transparency of gitlab can
be good or can be bad. but that is another topic I guess.

~~~
icebraining
No, transparency was the topic being discussed!
[https://news.ycombinator.com/item?id=21483935](https://news.ycombinator.com/item?id=21483935)

~~~
omani
I think you dont get my point. degrading transparency is just a symptom. a
symptom of all this.

~~~
icebraining
Fine. But even if it is, this seems hardly to be a problem exclusive to
Gitlab. So what's the point of jumping ship? Won't you just end up in another
similar environment?

------
99_00
Haven't been following this debate but has it been mentioned that China has a
law that says that every Chinese citizen must spy for the government if asked.

>The law provides official sanction for the intelligence services to do things
long observed in their activities: coopting officials in other government
agencies; compelling cooperation from PRC citizens;

[https://www.canada.ca/en/security-intelligence-
service/corpo...](https://www.canada.ca/en/security-intelligence-
service/corporate/publications/china-and-the-age-of-strategic-rivalry/chinas-
intelligence-law-and-the-countrys-future-intelligence-competitions.html)

~~~
Twirrim
Same is true for Australia, IIRC.

~~~
austhrow743
Source?

~~~
rwiggum
[https://gizmodo.com/australia-s-new-encryption-law-is-
forcin...](https://gizmodo.com/australia-s-new-encryption-law-is-forcing-tech-
companie-1835074557)

~~~
austhrow743
Seems to be very different from the above. One is about Chinese citizens the
other is about Australian companies and even then, only technology based parts
of them.

I as an Australian don't appear to be facing the gulag if Scomo calls me up
and asks me what the Balinese are up to (I'm in Bali) and I tell him to shove
it.

------
alainchabat
Gitlab decided to not hire people living in China/Russia because of all risks
linked to the Chinese/Russian government.

Isn't censoring one of their employee to not enflame the situation would be
what China/Russia would do with their citizen for the same reason? kind of an
ironic situation.

~~~
frenchyatwork
There's certainly irony, or at least contradiction, here; but there's also a
huge difference. In North America, companies regularly try to censor their
employees; in China, the government regularly tries to censor its citizens. In
both cases though, the government is the only one with the authority to enact
violence on its citizens. So while the most Gitlab can do is fire Candice, or
censor communications she makes on their platform; in China, such dissension
could get you locked up, exiled, or disappeared.

Note: I have no love for the sort of thing Gitlab is doing here. It's petty.

~~~
cnst
> So while the most Gitlab can do is fire Candice, or censor communications
> she makes on their platform; in China, such dissension could get you locked
> up, exiled, or disappeared.

This is a bit of a short-sighted argument, because in our times, pretty much
everyone lives beyond their means, from paycheque to paycheque; if you're a
tech worker in SF, you're probably not an exception to this rule, either. So,
if you suddenly find yourself out of a job, and potentially unhireable due to
your unwillingness to compromise on issues such as these, then how's that much
different from being locked up, exiled or disappeared? And you have to
remember, Epstein didn't kill himself, either.

------
AdministrativeA
We use GitLab self-hosted at my company so I've been following this for a
while.

My speculation is there's pressure for the C suite to push this Russia and
China hiring ban for some reason. Looks like the board is telling the CEO this
has to happen or they're in negotiation talks to be acquired by a big company
like Google who wants this to happen now and the backlash to have passed by
the time it's announced. So this will happen whether it's illegal or not (and
it looks like it will and is illegal) but the risk will cost less than the
reward.

If they go to court they spend at most a few mil fighting it over the course
of a few years and the executives walk away super rich anyway. If they don't
go to court they walk away even more rich. But if they don't do it they might
rely on an IPO that's looking shaky because of this bad decision making for
the past 2 months. So even if it's illegal, it still makes sense to do this.
It looks like an exit strategy because they will never be personally liable.

She probably sees this and knows everything going on behind the scenes, but
she won't walk away super rich from this but could lose her law license by
engaging in discrimination.

~~~
rhblake
No need to speculate, it's right there in the GitLab issue. The now-resigned
director of risk and global compliance Candice Ciresi wrote this six days ago
[0]:

"The countries selected were not chosen because of legal requirements, they
were not chosen based on risk, they were not chosen based on political climate
(as other countries are facing heightened sanctions from the US). I do hope
they were not selected because a customer asked for it - or that could violate
anti-boycott laws. In fact, having no objective basis for the restrictions is
not conservative - it is careless. (Please let me know immediately if a
customer has requested that we not do business with any particular country as
that may be a reportable event.) I recommend against proceeding until you have
developed a sound basis - that gets applied equally - for any exclusion of any
country."

To which VP of Engineering Eric Johnson replied:

"I appreciate your position. Please be aware there is an active, time-
sensitive contract negotiation linked to this matter. And you need to advocate
to the DRI that the company walk away from that contract in order to enact
your proposal."

See also her further comments in [1].

[0] [https://gitlab.com/gitlab-com/www-gitlab-
com/issues/5555#not...](https://gitlab.com/gitlab-com/www-gitlab-
com/issues/5555#note_237491303)

[1] [https://gitlab.com/gitlab-com/www-gitlab-
com/issues/5555#not...](https://gitlab.com/gitlab-com/www-gitlab-
com/issues/5555#note_239078066)

~~~
echelon
> "I appreciate your position. Please be aware there is an active, time-
> sensitive contract negotiation linked to this matter. And you need to
> advocate to the DRI that the company walk away from that contract in order
> to enact your proposal."

Could this public backlash sink that deal?

------
getareallawyer
Extremely unprofessional behavior, especially for someone with a law degree.
Three serious issues:

#1: She shouldn't be speculating about legal liability in a non-privileged
medium. Even if she's correct, the risk is too high that her statements will
later be quoted out of context. Keep it in a privileged medium, ideally an in-
person meeting or phone call. This is absolutely basic stuff, and I'm sure
it's taught even at Mitchell Hamline.

#2: Even if you disagree with a decision, don't leave a written record that
you believe your company is legally in the wrong. There are exceptions (you
believe you'd be personally liable, and you want the paper trail to make it
clear you didn't make the decision), but there is absolutely no reason to make
that record public.

#3 (Related) Don't burn bridges on your way out the door. This isn't specific
to law - it's just good professional practice. The world is smaller than you
think, and you're poisoning your professional network. Doing it publicly is
even worse. Why would you be willing to hire someone who has demonstrated that
they will publicly torch your company if you make a significant decision they
disagree with.

~~~
jka
Do you think it's possible that any potential liability could already have
been exposed when the issue itself ( [https://gitlab.com/gitlab-com/www-
gitlab-com/issues/5555](https://gitlab.com/gitlab-com/www-gitlab-
com/issues/5555) ) was opened, prior to compliance becoming aware of it? It
contains the statement:

"In e-group on Monday October 15, 2019 we took the decision to enable a "job
family country-of-residence block" for team members who have access to
customer data. This is at the expressed concern of several enterprise
customers, and also what is becoming a common practice in our industry in the
current geopolitical climate."

It could be that better legal scrutiny during contract negotiation might have
prevented this becoming an engineering, hiring and compliance concern.

~~~
angry_octet
Your liability would be larger if you were known to have ignored qualified
legal advice that it was risky.

Generally you don't read advice that says 'I believe doing X is illegal'
because it doesn't get to that point.

I can't help but think there are other, quieter, lawyers involved.

------
xxs
There is not much substance to go by. Yet, with recent events/drama her
resignation feels suspicious to put it mildly.

I suppose everyone expected the CFO to drop, instead.

------
ddevault
I don't understand why GitLab is doing these things. Even on behalf of
Sourcehut, there are subsets of the industry that I don't really try to
compete with GitLab on. They have a place in this ecosystem and they're
working to undermine it. They're making a void that I, even as a competitor,
don't want to and am not prepared to fill. The community is going to suffer
for their missteps.

I feel really bad for their employees. If I could help, I would, but Sourcehut
isn't big enough to provide another employment option for them. To any GitLab
employees who know something I can do to help, or just want to talk, I can
lend a sympathetic and private ear at sir@cmpwn.com.

~~~
marcinzm
Someone told Gitlab they'll pay them $XXX/year but only if Gitlab has no
employees in China/Russia in sensitive roles. Gitlab decided the money is
worth it since they have bills to pay. Doesn't seem very mysterious to me.

There's many stories of companies only letting people use burner laptops if
they go to China and Russia so it's not a very far fetched contract
requirement.

~~~
alteria
I know several companies, including one I've worked for before, with very
strict no company property laptop or phone policy for entering China.

Issues were mainly related to IP and data sovereignty.

~~~
remoteworker471
My current employer maintains a list of banned countries. While there's
nothing stopping me from going to any of them, I am not allowed to bring my
laptop into the country, and accounts will generally be locked during the
duration of travel.

I'm honestly not seeing what the problem is with this policy. Gitlab's
reaction to the outrage has been incredibly poor, but the policy itself seems
sane based on IP laws and data protection laws in certain countries.

------
marcinzm
I'm curious about something. In one of her cited comments Candice Ciresi, the
director, mentions that if the ban on Russia/China is due to a client request
then it:

>could violate anti-boycott laws

Does anyone know specifically which laws she's referring to? Many companies
have requirements on data not being accessed by individuals outside of certain
countries or being sent outside of certain countries. Others have restrictions
on not bringing company property into certain countries.

~~~
ktsmith
You can read about them here:
[https://www.bis.doc.gov/index.php/enforcement/oac](https://www.bis.doc.gov/index.php/enforcement/oac)

~~~
marcinzm
Based on my reading there are two laws in question:

* Tax Reform Act: This seems to only penalize supporting an existing boycott by another country of a third country [1]. As there is no government boycott of Russia and China (at least not in countries these clients are from I'm guessing) this shouldn't apply.

* Export Administration Act: This also specifically says it related to boycotts conducted by a country against another country the US is friendly with [2].

I'm open to someone pointing out my misreading of these laws but it seems that
they only apply to government mandated boycotts. So, to me, clients are free
to require restrictions if there are no government boycotts in place.

[1]: [https://www.irs.gov/pub/irs-
soi/03-04boycott.pdf](https://www.irs.gov/pub/irs-soi/03-04boycott.pdf)

[2]:
[https://www.govinfo.gov/content/pkg/CFR-2019-title15-vol2/xm...](https://www.govinfo.gov/content/pkg/CFR-2019-title15-vol2/xml/CFR-2019-title15-vol2-part730.xml)

~~~
cosmie
The violation may have been the lack of appropriate reporting. [1] mentions
that "unsanctioned boycotts" must be reported.

Later in the comments she mentioned that the contract in question was screened
and found to not actually be considered a relevant event for anti-boycotting
laws. So whatever her initial concerns were, they were allayed by an actual
review of the relevant request.

Reading through the conversation as a whole, it appears that the
customer/contract in question didn't explicitly request Gitlab to take the
course of action they decided on. Gitlab proactively decided that the action
just happened to be a crude but effective way to comply in a timely fashion
with the data restrictions the customer wanted, since their infrastructure
itself currently doesn't have granular enough security controls around data
access to comply with what the customer request was.

[1]
[https://www.bis.doc.gov/index.php/enforcement/oac#whatmustbe...](https://www.bis.doc.gov/index.php/enforcement/oac#whatmustbereported)

------
tempsy
Who would've thought version control software would have so much public
internal drama...both Github and Gitlab.

~~~
omani
because it all comes down to the root cause:

the attack on an area which until now couldnt care less about politics. now in
the context of "free speech" we try to brake the last knowm union out there in
the world. developers, who only let code speak so far.

~~~
dfalfndfk
Technology always cared about politics. Exactly what about missiles is
apolitical? What about telemetry and data collection?

Do not conflate ignorance with impact.

~~~
michaelt
_> Exactly what about missiles is apolitical?_

"Once ze rockets are up, who cares where they come down? That's not my
department, says Wernher von Braun"
[https://youtu.be/QEJ9HrZq7Ro?t=16](https://youtu.be/QEJ9HrZq7Ro?t=16)

------
bytematic
Looks like Gitlab has censored her spreading the message of her resignation as
well, nice.

~~~
omani
once an environment got infected with "political correctness" and "censorship"
in the name of "free speech" that environment becomes toxic. see.

~~~
chipotle_coyote
From what I'm reading here:

(1) Gitlab decided they won't hire people living in certain countries

(2) This appears to be motivated by the politics of business

(3) An exec who spoke up against it tendered her resignation out of principle

(4) They're trying to suppress conversation about that

Please don't try to abstract "this is all the fault of those SJWs pushing
political correctness" from this story.

I appreciate from your comments that you think it'd be just great if we could
keep politics out of business and lament that the Great Culture War has come
for coding, and I get it. The Great Culture War has come for everything,
though. Science fiction. Movies. Video games. Furries and Bronies.

Here's the thing: this isn't the fault of a small number of loud people making
things political that weren't before. All these things were _always_ political
-- we just weren't having our noses rubbed in it until relatively recently.
Making your lead video game character a woman, or black, is a capital-S
Statement because making them a white male is _also_ a capital-S Statement.
Trying to increase the number of women in STEM through affirmative action
policies of one kind or another is obviously a capital-S Statement, but saying
"hey, the fact that there are no women in science is itself proof that women
just don't science well" is also a capital-S Statement. When your e-sports
champion makes a capital-S Statement about Hong Kong protestors and you
suspend him, suspend his camera man, and go into a massive PR defense about
how gosh darn non-political you are, you are absolutely making a capital-S
Statement.

As I observed before, the old Rush lyric about "when you choose not to decide,
you still have made a choice" holds true whether we want it to or not. You can
passionately argue that politics _shouldn 't_ affect software companies and
coding jobs, but they do. "You shouldn't try to affect your employer's
business practices, you should just leave if you disagree with them" may not
be _intended_ to be political, but it will have political _effects_ just as
much as the reverse will: either the employer changes business practices to be
more in line with what the employees are comfortable with, or the employer
ends up with employees who are comfortable with their business practices.

~~~
michaelt
_> Trying to increase the number of women in STEM through affirmative action
policies of one kind or another is obviously a capital-S Statement, but saying
"hey, the fact that there are no women in science is itself proof that women
just don't science well" is also a capital-S Statement._

I don't think anyone talking about being "nonpolitical" would disagree that
both of those are political acts.

Would you argue that someone who has not made a statement or evinced an
opinion in either direction is still engaging in a political act?

~~~
chipotle_coyote
I doubt such a person would be _trying_ to engage in a political act,
certainly, but I'm not sure I can make a blanket yes-or-no statement about
that. Take Anduril, Palmer Luckey's startup dedicated to building a "virtual
border wall." Is someone who works there really being nonpolitical even if
they're personally keeping all their opinions to themselves?

------
icebraining
Off-topic, but I wonder if Gitlab employees have some way to filter the
discussion, or if they have to manually skip posts by random people.

~~~
AnonGitLabEmpl
We have to manually skip posts by random people.

------
bdcravens
I like my infrastructure to be nice and stable. I realize that all the recent
drama MAY not be a cause for concern, but I imagine this makes Gitlab a harder
sell, in a world of many choices.

~~~
icebraining
And this is how we discriminate against transparency. This sort of drama
happens all the time in many companies, we just don't see it publicly.

~~~
babesh
Prior to the recent debacles, they were rewarded for their transparency.

------
malvosenior
Gitlab's insistence of adjusting remote pay based on geography (and paying
below market in general) never sat well with me. You pay people based on the
value they provided, period. It's ridiculous to think you would take a pay cut
at your current remote job just because you move to a cheaper city.

It does not surprise me one bit that where there was smoke, there's fire and a
bunch of questionable behavior is going on behind the scenes.

~~~
jiveturkey
I used to think that, but now I think it's completely fair and they way they
present is completely honest. So I'm all for it, at least the way they have
implemented it.

As an employer in a capitalistic society, you do _not_ pay people based on
value provided. You pay based on a reverse dutch auction method. This ensures
you are getting an employee at the lowest possible cost, which is your
financial duty. Anything more is excess expense. This is why unions are so
important: to band labor together such that there is no opportunity for a
prisoner's dilemma situation, where things become a race to the bottom.

It is the employer's duty to wring as much value out of an employee as
possible, not to pay them for that value. Paying by value provided would
introduce so much inequality it'd be awful.

So anyway, paying market rate (or the identical fraction under/over
everywhere) at any location is just like having an office in every city where
you _don 't_ have a WFH policy at all and employees are competing against
other local employees. So gitlab employees that have self-selected to live and
work in the same location, wherever it may be, are bidding themselves against
other employers in that location. gitlab gets the edge over local employers
who presumably would require the employee to show up at the office, for those
people that don't want to go in the office at all, for whatever reason. And
therefore it's justified that gitlab pays less than market because they are
only selecting for those employees that value the WFH as opposed to just "work
close to home". And this justification is proven because they are actually
able to employ people at "less than market".

QED

~~~
couchand
Your reasonable arguments are wholly undermined by the jackhole manner you end
your comment.

~~~
jiveturkey
i think you're reading too much into it.

~~~
couchand
TBH I don't know what I was thinking...

------
angry_octet
It seems more likely that, for unexplained reasons, she was not in the loop on
the area she was employed to work on (Global Compliance) and decided therefore
to resign. She may have reasoned that this type of policy would have made
working in BRICS countries very difficult. Ironically, these countries
routinely impose residency and nationality requirements, local hosting and
censorship etc.

The lack of nuance in her public communication is quite strange for a lawyer.
'Retaliatory behavior' \-- against whom are they retaliating and for what? A
serious allegation. And other strange and strongly worded warnings of
illegality, but which have no basis in law that I can see. So, bluster? Trying
to win an argument?

I can't help but think that remote work is not for everybody, and especially
not for lawyers.

~~~
uuioperter
She said there would be no issues if it was a legal requirement. But there
could be issues if it was a demand by a customer.

The CFO replied it was part of a possible contract.

------
rossmohax
Plot twist: Gitlab censors message from Director of Compliance as violating
code of conduct. Just wow.

~~~
JetSpiegel
This issue has 1417 subscribed users, so all of them received the uncensored
email. It's completely pointless.

------
tachion
And I thought we already had this quarter's GitLab drama in the
GitLabTrackerGate ;)

~~~
xiphias2
This is part of the same drama, as Candice Ciresi was the one who told other
people at GitLab management that what they are doing (opt out tracking) is
illegal in multiple juridictions.

I'm interested in what her next job will be, as hopefully another company will
value her knowledge and integrity.

------
ben_jones
1\. Company is applauded for strong morals

2\. Company raises a ton of money

3\. ???

4\. Company appears "divorced or original morals"

~~~
ativzzz
Are we surprised that companies choose money over morals? That seems to be the
status quo for most companies in the U.S. currently.

There are, and always will be exceptions depending on the particular people
involved, but generally if you as a company want to preserve your moral
ground, do not take external funding.

------
TA-blahhh
sytse is awfully quiet in the comments today... usually he has a reply for
everyone whenever a Gitlab/Git/VCS story comes up

~~~
getareallawyer
Maybe he got a real lawyer.

------
sebtoast
Do any of you have a recommendation for an alternative to GitLab and GitHub?

~~~
echelon
What's the issue with GitHub?

~~~
w457uiw4gftyi
Last week people were mad that Microsoft complied with an order from the
Spanish government to remove a controversial repo:
[https://news.ycombinator.com/item?id=21395629](https://news.ycombinator.com/item?id=21395629)

And before that some anti-Microsoft people were mad in general that MS bought
GitHub.

------
llamataboot
Hmmm, I wonder what sort of large partnership could be so concerned with these
two countries? Could it possibly be something with US intelligence agencies?

------
kerpele
I hope the contract that sparked this whole fiasco is big enough to cover the
ton of goodwill they've lost (and keep losing) over this issue.

------
epiphanitus
How do we know her resignation is about hiring devs based in Russia/China and
not about something else?

------
simonswords82
I'm out of the loop here, what is going on with Git Lab? They were well
regarded and now they are not?

~~~
nemothekid
I found more interesting information in the Reddit thread.

[https://www.reddit.com/r/gitlab/comments/dtfccm/gitlabs_dire...](https://www.reddit.com/r/gitlab/comments/dtfccm/gitlabs_director_of_risk_and_global_compliance/f6x00sa/)

\---

 _Ciresi_ : The countries selected were not chosen because of legal
requirements, they were not chosen based on risk, they were not chosen based
on political climate (as other countries are facing heightened sanctions from
the US). I do hope they were not selected because a customer asked for it - or
that could violate anti-boycott laws. In fact, having no objective basis for
the restrictions is not conservative - it is careless. (Please let me know
immediately if a customer has requested that we not do business with any
particular country as that may be a reportable event.) I recommend against
proceeding until you have developed a sound basis - that gets applied equally
- for any exclusion of any country.

 _Johnson_ : I appreciate your position. Please be aware there is an active,
time-sensitive contract negotiation linked to this matter. And you need to
advocate to the DRI that the company walk away from that contract in order to
enact your proposal."

\---

I think Ciresi has been 2/2 in the recent GitLab scandals (she was also
against the telemetry issue). The most obvious version of the story is now
Ciresi has "gotten in the way" of sales twice now and is being retaliated
upon. I'll admit, its rare to see a company flush its morals down the toilet
while chasing revenue.

------
Iv
I am so happy I resisted transitioning from GitHub to gitlab and self-hosted
instead.

------
bhouston
I just wish that GitLab didn't have weekly (or more frequent) outages. Is this
because they are all distracted by the drama ongoing there?

------
busterarm
Sourcehut is pretty great, y'all.

------
itronitron
tl/dr...Director of Compliance at GitLab resigns because they can't force
company to comply.

------
hnthroaway1926
I imagine a Director of Compliance in the Russian or Chinese government has
more authority to force people to comply.

