
GitHub shuts off access to Aurelia repository, citing trade sanctions - gortok
https://twitter.com/eisenbergeffect/status/1240671036292485121
======
natfriedman
Hi HN, I'm the CEO of GitHub. Flagging this account was obviously a terrible
mistake, and I apologize to anyone who was affected by it. We're investigating
why it occurred and will make changes to make sure it doesn't happen again. I
am glad that we restored access to the account in less than an hour after
Aurelia filed their appeal.

For context on why any account flagging is ever necessary, unfortunately,
every company in the world is required to comply with US sanctions if they do
any business at all in the United States, e.g. serving US-based customers.
This includes even interacting with US banking infrastructure. So being
headquartered somewhere else doesn't help; you have to comply. And US
sanctions as written do not allow us to provide commercial services or
services which could be used commercially to sanctioned countries.

We are taking the broadest possible interpretation of US sanctions law to
allow as much access to GitHub as possible and we are, as far as I know, the
only major vendor to offer public repo access in US-sanctioned countries like
Iran, Syria, and Cuba. I'm proud that we are taking this strong position to
ensure developers everywhere can participate in open source.

I wish we could also offer access to private repos and still comply with
government requirements. We have been advocating and will continue to advocate
for broader developer access with the various government agencies involved.

~~~
Sephr
Do you believe that trade regulations such as ITAR apply to publicly-available
open source software? I do not¹, and it appears that your employees do not
believe this either. GitHub is currently hosting multiple GPS implementations²
that are clearly against this line in your ToS, in addition to also being
against ITAR by not implementing speed limits for missiles:

"GitHub may not be used for purposes prohibited under applicable export
control laws, including purposes related to the development, production, or
use of […] long range missiles or unmanned aerial vehicles."

I think you should probably make a blog post explaining GitHub's stance on
this issue.

[1]: [https://www.unr.edu/sponsored-projects/compliance/export-
con...](https://www.unr.edu/sponsored-projects/compliance/export-
controls/publicly-available)

[2]: One of which is [https://github.com/gnss-sdr/gnss-
sdr](https://github.com/gnss-sdr/gnss-sdr). This repository does not implement
ITAR-required GPS speed limits. Even if it was ITAR-compliant, the limits
could easily be removed as it is open source software.

\----------------------------

Update: GitHub has updated their ToS to remove this line. It was present on
July 27, 2019. The issue still stands with this current statement from their
ToS ( [https://help.github.com/en/github/site-policy/github-and-
tra...](https://help.github.com/en/github/site-policy/github-and-trade-
controls)), which forbids ITAR-regulated software:

"Users are responsible for ensuring that the content they develop and share on
GitHub.com complies with the U.S. export control laws, including the EAR and
the U.S. International Traffic in Arms Regulations (ITAR). The cloud-hosted
service offering available at GitHub.com has not been designed to host data
subject to the ITAR and does not currently offer the ability to restrict
repository access by country."

~~~
tedmiston
ITAR undeniably applies to software.

Whether it's open source or not is irrelevant. ITAR software cannot legally
live on GitHub.com in any case -- it doesn't matter if the repos are public or
private. [But a GitHub Enterprise install (self-hosted version only) can be
compliant.]

I'm confused by your request for the company's stance, since it's not
something up for debate... there is no room for them to take a stance on
complying with the law. It's not up to GitHub at all.

~~~
Sephr
Are you sure about that? Publicly-available open source software can be exempt
from ITAR according to this page: [https://www.unr.edu/sponsored-
projects/compliance/export-con...](https://www.unr.edu/sponsored-
projects/compliance/export-controls/publicly-available)

~~~
tedmiston
If it's publicly available open source, it can't contain ITAR.

If there is existing open source that doesn't contain ITAR, then that's fine
because it's beyond the scope of ITAR, so ITAR doesn't apply to that scenario.
[Maybe this is the case you're mentioning?]

If it is ITAR, it can't possibly be publicly available open source. [How could
it be possible to have publicly-available open source software that is also
restricted to being only shared with U.S. citizens?]

Of course an ITAR project could pull in publicly available open source (e.g.,
dependencies), but that doesn't sounds like what's being discussed here.

~~~
ncmncm
This is just word games.

We can sensibly speak of tech that "would be" an ITAR violation to deliver "if
it were not" open source. This is exactly the scenario under discussion. It
seems very clear from the linked page that, e.g., GPS code that is released as
free/open is, in fact, _not_ restricted by ITAR.

------
EisenbergEffect
GitHub has corrected the issue, restoring our organization access and web
site. They have reported that the org was flagged as part of an automated
process. The flagging occurred because we have two external contributors from
Iran (non GH org members). They told me that there should have been a warning
and they are investigating why that didn't happen. The CEO of GitHub also
reached out personally to try to speedily rectify the situation.

~~~
alireza94
Well, this sounds bad.

A few months ago GitHub banned access of Iranian developers (and devs who live
in a few other countries) to private repositories and gists and now, with
actions like this, even if it's by accident, they are threatening our chance
of collaboration to public open-source repos because maintainers would be
afraid that if they accept our contribution they may face consequences.

~~~
dsl
> maintainers would be afraid that if they accept our contribution they may
> face consequences

But that isn't a result of GitHub's actions, if anything they are trying to
protect maintainers by blocking Iranian contributions.

Sanctions are 1) implemented at a federal government level and 2) intended to
make it almost impossible for the sanctioned country to get anything done.
It's like not letting your kid take their Switch or iPhone with them to
timeout. Yeah it sucks and makes everything awful, but that is exactly the
point.

~~~
luckylion
> But that isn't a result of GitHub's actions, if anything they are trying to
> protect maintainers by blocking Iranian contributions.

By blocking the repository of the maintainers? Is that like "I'm just trying
to keep you safe. I'm going to kill you so nobody can murder you"?

~~~
vinay427
No, but by blocking Iranian contributions, as you cited in your content.

Blocking the repository isn't protecting maintainers, but this comment thread
is about GitHub blocking contributions from Iran as well.

------
firloop
This is pure speculation, but it seems that GitHub's ownership by Microsoft
causes them to be significantly more strict with the types of content that
they are comfortable hosting. Expect this to continue as they expand up and
down the stack; once their npm acquisition closes you'll see this there too.

I think this should be a wake-up call to anyone staking their open source
project on GitHub — if I let someone from a US sanctioned country contribute
to my repo will I be banned? Hopefully mindshare moves to alternatives in due
time.

~~~
stickfigure
This seems peculiar since Rob Eisenberg (author of that tweet and lead of
Aurelia) _works for Microsoft_.

~~~
frankdenbow
Makes sense if you think of them as separate companies (which is how they are
run)

~~~
jslakro
[https://nouhailler.tumblr.com/image/21516226342](https://nouhailler.tumblr.com/image/21516226342)

~~~
frankdenbow
Maybe >5 years ago, culture has changed under Satya :)

------
antoncohen
What frustrates me about these kind of things is how impersonal they are. How
many orgs/users does GitHub sanction a day? Too many for it to be able to
email the users and ask clarifying questions? Or even have a human dig in and
double check what the algorithm says.

Basic human interaction would seemingly solve 99% of false account lockouts
and takedowns. Even basic heuristics like this org has a repo with 11,000
stars, it isn't a new user that just signed up yesterday, we need to look into
this deeper.

~~~
cryptonector
In a world in which online presence is an essential attribute of... commerce,
professionalism, etc., deplatforming cannot be allowed to be so trivial to
effect and difficult (in many cases impossible) to challenge. At some point
human rights have got to include sufficient due process to deal with
accidental or unjust deplatforming.

~~~
shadowgovt
It's an interesting thought, but at the moment at least, things are still too
fluid to really nail down how that would work. What is a "platform?" What is
"deplatforming?" If Github kicks me off and I can migrate easily to GitLab,
have I been "deplatformed?" Is it morally correct to tie Github's hands from
locking someone's account if they're using their git repo to host CP?

We're getting there, but pulling it off is going to require a level of
international cooperation that is rarely seen (and tends to give a few key
players a lot of power; if we do this, I hope everyone's excited to be living
under the US's notion of what morality looks like. Or Europe's. or China's).

~~~
cryptonector
> If Github kicks me off and I can migrate easily to GitLab, have I been
> "deplatformed?"

Most definitely you have. Especially if the reason and process used by GH is
likely to also be in use at GL.

> Is it morally correct to tie Github's hands from locking someone's account
> if they're using their git repo to host CP?

The relevant question is: is it constitutional. In the U.S. I believe the
answer would be a solid "yes" as to a Federal statute that adds due process
protections for this, no different than with the many many Federal and State
laws and regulations that have created civil justice recourse for specific
kinds of torts.

Morality is a different issue, and it's much too easy to flip your question on
its head: is it moral to deplatform people if doing so damages their ability
to earn a living?

Indeed, there's no need to frame this as a moral question, and it's arguably
foolish to do so. It is and should be only a question of policy, politics, and
constitutional law.

Regarding politics, mine is a political argument.

Regarding policy, I think it's a good idea to give "little people" some
minimal protections from "big people". This is quite standard around the
world. There are going to be policy details to debate, but writ large, this is
a no-brainer.

I already address the very likely U.S. consitutionality of such a policy.

> We're getting there, but pulling it off is going to require a level of
> international cooperation that is rarely seen (and tends to give a few key
> players a lot of power; if we do this, I hope everyone's excited to be
> living under the US's notion of what morality looks like. Or Europe's. or
> China's).

No. This can be done in each country w/o internaltional cooperation. Granted,
GH might pull out of France, say, if they don't like French laws, and so on.
But U.S. business will not leave the U.S. over this.

~~~
shadowgovt
> Indeed, there's no need to frame this as a moral question, and it's arguably
> foolish to do so. It is and should be only a question of policy, politics,
> and constitutional law.

Morality drives the shaping of all three of those things, so framing it as a
question of morality is unavoidable if one wants to do something other than
the status quo (which is "A private service provider may choose to do business
with or refrain from doing business with anyone for any reason that hasn't
already been carved out by previous civil rights legislation"). I believe you
immediately demonstrated this fact by stating as "policy" something that is a
moral stance ("little people" deserve some minimal protections from "big
people"). And we may do well to remember that the KKK is also "little people",
as are neo-Nazis (and society has a vested interest in keeping both groups
"little people").

All people should be treated equally as people in the eyes of the law, i.e.
with empathy for their humanity. But when you divide groups into "little" and
"big" by political belief, sometimes you do, in fact, find situations where
the majority should suppress the minority (because the minority's belief is
anti-human, and political beliefs are malleable).

------
tastroder
Let's take a moment and appreciate the copy and paste support response "If a
user or organization believes that they have been flagged in error, then that
user or organization owner has the opportunity to appeal the flag by providing
verification information to GitHub. Please see our FAQ for the appeals request
form."
[https://twitter.com/GitHubHelp/status/1240682163193942018](https://twitter.com/GitHubHelp/status/1240682163193942018)

Is that an official GH account? It's old and the answers look legitimate but
that one is certainly a really off-putting reaction.

~~~
fenwick67
It doesn't seem off-putting to me. The form is there for a reason. Filling it
out is literally easier than explaining everything to a support person on
Twitter point-by-point. If you want help, you can spend 60 seconds and fill
out a damn web form.

~~~
filleduchaos
"60 seconds and fill out a damn web form" that demands you submit a
government-issued photo ID and selfie? Hell no.

------
droopyEyelids
Have black hat people figured out what triggers this yet?

Looks like a new attack, where you make a few contributions to a project, then
start proxying your logins through Iran for a while till everything you touch
shuts down.

------
vasco
Sanctions for online services are one of the worst things about working in
this industry. Being forced to implement and maintain technical solutions to
block access to every day citizens of certain regions because some guys in
suits decided these are second tier humans is demoralizing as hell.

How are people supposed to rise up and depose or vote for less tyranical
governments if they cannot access information, or use services that'll boost
their businesses in the global market? Having had to implement things like
this myself in the past, I just feel like puking when I do it.

And don't think about just ignoring these, as soon as you get bigger than
tiny, your bank will threaten to freeze all your accounts and stop doing
business with you if for some reason you let some Crimean or Iranian get onto
your service and pay you for it.

What exactly is the plan? Are we expecting that individuals who disagree with
their regimes would leave their country and their families? It just feels like
cold blooded retribution with no care for the regular every day population.

~~~
woofcat
>What exactly is the plan? Are we expecting that individuals who disagree with
their regimes would leave their country and their families? It just feels like
cold blooded retribution with no care for the regular every day population.

That it will impact the country economically and hopefully result in the
Government changing coarse or for the People of the country to not want to
live in a shitty place with a poor economy.

I find sanctions vastly better than the alternative at that level, which would
be some sort of blockade or other military intervention.

~~~
kelnos
That sounds good in theory, but in reality you end up with worse outcomes than
doing nothing:

a) The target country just allows their citizens to feel the brunt of the
sanctions while the ruling class hoards resources for themselves.

b) The target country starts a propaganda campaign to blame the sanction-
issuer for all their problems, which the citizens mostly believe.

So ultimately you end up with regular-Joe citizens in the target country
having a worse quality of life, while also being led to believe that _your_
country is the evil one.

Another poster hit the nail on the head: the politicians in the sanction-
issuing country need to be seen as _doing something_ by their populace,
regardless of what the result of that something is.

~~~
GeorgeWBasic
> The target country starts a propaganda campaign to blame the sanction-issuer
> for all their problems, which the citizens mostly believe

Because it's at least partly true. They _are_ the ones issuing the sanctions.

~~~
kelnos
Heh, an excellent point. Obviously the sanctioner's goal is for the
sanctionee's citizens to understand _why_ the sanctions are in place, and
ultimately blame their own government, but that can be a hard sell, even
without a propaganda campaign.

------
cfv
Without even delving on the perverse sanctions part, it should never be
forgotten that the _whole point_ of git is that it's a distributed source
control system. Grab your source and move it elsewhere. Heck, even an old
forked gitlab community instance should work.

Github is good for the exposure, but it's their house, and so their rules
apply, not ours. Don't rely on them to always be OK with you staying.

~~~
driverdan
Every time something like this happens someone has to make this argument. This
isn't just about the source, it's all the other tools like pull requests that
Github provides. Git is only one part of Github.

~~~
cfv
Merge requests have been a gitlab feature since forever though. Like issues,
and webhooks

~~~
webo
Code search, access permissions, code owners, 3rd party integrations?

~~~
cfv
If you tried looking it up yourself instead of making me feed you info in what
totally looks like bad faith that would be awesome.

~~~
shadowgovt
FWIW, I have attempted to look it up myself, and unlike Github, GitLab doesn't
appear to allow me a transparent view into their offerings in action without
signing up to start my free trial. Which is a lot more engagement than Github
requires of someone just trying to discover capabilities.

~~~
seanstev
[https://about.gitlab.com/features/](https://about.gitlab.com/features/)

From what it looks like, the free trial is similar to GitHub‘s paid account
but you can use the extra tools for free for the duration of the trial. Seems
as transparent as GitHub.

Never used GitLab outside of running it myself but I think hosting OS software
on GitLab.com is free.

~~~
mroche
There's also the feature comparison chart:
[https://about.gitlab.com/pricing/gitlab-com/feature-
comparis...](https://about.gitlab.com/pricing/gitlab-com/feature-comparison/)

You don't even need the trial. Just press "Register" to get the standard login
page for GitLab.com. From there you can sign in with GitHub (or make an
account) and explore the platform for yourself.

The trial is just for the paid subscriptions. The normal, free account has
access to all of the platform's Gold features as long as the repos in question
are public (or internal, just not private).

> Yes! As part of GitLab’s commitment to open source, Gold project-level
> features are available for free to public projects on GitLab.com. Gold
> group-level features, however, still require a subscription, for reasons
> explained here[0]. For organizations interested in free Gold features for
> groups, we also offer free Gold and Ultimate to educational institutions and
> open source projects[1].

Note that public repos inside a public group _do_ have access to Gold level
features. It's just the _group_ level features that are restricted.

[0] [https://about.gitlab.com/handbook/product/#gitlabcom-
subscri...](https://about.gitlab.com/handbook/product/#gitlabcom-subscription-
scope-and-tiers)

[1] [https://about.gitlab.com/blog/2018/06/05/gitlab-ultimate-
and...](https://about.gitlab.com/blog/2018/06/05/gitlab-ultimate-and-gold-
free-for-education-and-open-source/)

------
bartread
WTH? GitHub is owned by Microsoft. Rob Eisenberg, who posted that tweet, works
for Microsoft.

There's so much about this I don't get, not least of which is the fact that
despite what the headline suggests, along with the amount of bile still being
spewed on this thread, Aurelia is back up and running, as are all its repos:
[https://aurelia.io/](https://aurelia.io/),
[https://github.com/aurelia](https://github.com/aurelia).

So, yes, GitHub properly effed up here, but they do at least appear to have
backpedalled and fixed the problem quickly.

~~~
larrik
It got fixed quickly because of the very high profile nature of the project.
What happens when it's one of our projects, and we aren't some bigwig at
Github's parent company to complain?

------
kujaomega
Seems that Github has automated some repository banning actions.

3 days ago, the author of a repo got removed his account without reason and
hours later got his account reactivated
([https://news.ycombinator.com/item?id=22593595](https://news.ycombinator.com/item?id=22593595)),
after posting to hackernews.

As we see, the Aurelia repository were also removed, and hours later
reactivated.

What caught my attention is that the banned user is from Russia and that
Aurelia repository has got developers from Iran.

Is this a sign of Github country discrimination? Or is this a sign of Machine
learning bias?

~~~
marcinzm
>Is this a sign of Github country discrimination?

It's a sign that Github strictly follows US sanctions which currently impact
Crimea and Iran. They literally say in the messages for these closures that
it's due to sanctions.

------
mrastro
I can empathize that GitHub has to abide by laws more stringently now that
it's part of Microsoft but oh boy does it's automatic flagging system need
work.

One day I was randomly permanently banned because a hacker starred some of my
public repos from hacked accounts (only ~6 stars btw). I had no involvement
whatsoever, it was likely an attempt by the hacker to dilute the target of the
repos they were trying to star. It took me ~2 weeks to appeal and they still
blamed me for hacking even though the IPs of those accounts were different. My
ban was eventually lifted but I doubt their system works nearly as well as it
should.

------
jtokoph
It looks to be restored:
[https://twitter.com/EisenbergEffect/status/12407000629397913...](https://twitter.com/EisenbergEffect/status/1240700062939791362?s=20)

~~~
nabakin
I guess it was a mistake.

------
kylecordes
What a debacle. If GitHub believes this is necessary to comply with sanctions,
they should provide a "rather than shut me down, please block contributions
that GitHub would consider sanctioned” switch.

~~~
oefrha
Can’t speak for others, but I for one wouldn’t want this switch, and would be
offended by it. I would defend people’s rights to contribute to open source
regardless of their nationalities by taking my project elsewhere.

~~~
jannotti
Then you'd probably still want this switch, but expect to be notified of the
block. Then you could move in an orderly fashion.

------
iamleppert
So disgusting their response: "If a user"

Addressing someone in the third person is about a far from empathy as one
could get. Clearly, the signal is strong to begin the exodus from Github as
soon as practical.

They can no longer be trusted, and are no longer developer friendly.

------
ISL
What is Aurelia? Why would it be sanctioned?

~~~
dwohnitmok
It looks like a JS frontend framework. I've never used it. I have no idea why
it would be sanctioned. Bizarrely Aurelia 1.0 at
[https://github.com/aurelia/framework](https://github.com/aurelia/framework)
has a banner across its top indicating trade sanctions, but the new version
Aurelia 2.0 doesn't
[https://github.com/aurelia/aurelia](https://github.com/aurelia/aurelia).

Aurelia's developers suspect it's because they have contributors from
sanctioned countries. That's the first I've ever heard of such a thing.
[https://twitter.com/AureliaEffect/status/1240664151753551873](https://twitter.com/AureliaEffect/status/1240664151753551873)

EDIT: And the banner is gone... Just when I was going to save some
screenshots.

~~~
save_ferris
My first question is: how does Github know that certain committers are from
sanctioned countries? Do they have Github profiles showing they're from
sanctioned countries?

Given the number of huge FOSS projects on Github, it's feasible to imagine
that many major repos have code contributed by people from sanctioned
countries.

I have no idea what their motive is, but it smells really political to me. I
could see Github's argument if they violated labor laws by hiring or
contracting with individuals illegally, but that doesn't sound like what
happened here.

~~~
GordonS
> how does Github know that certain committers are from sanctioned countries?
> Do they have Github profiles showing they're from sanctioned countries?

Even if not in their profiles, you can pretty reliably detect a user's country
from their IP address.

------
scalableUnicon
And I just finished setting up gitea([https://gitea.io/en-
us/](https://gitea.io/en-us/)) on my server and mirrored all my repos. An
elegant piece of software, setup was straightforward and took less than an
hour.

------
Touche
What am I missing? Seems fine to me:
[https://github.com/aurelia/framework](https://github.com/aurelia/framework)

~~~
save_ferris
Github just reversed their decision.

------
emptysongglass
If people just used git the way it was intended, as a decentralized protocol
for editing and sending patches by email, we wouldn't have this issue. See
[https://git-send-email.io](https://git-send-email.io)

------
dwheeler
This looks like a terrible but honest mistake. The repo is already back, after
something like an hour and a half. The . io website is not back yet, but I
suspect that takes a moment to get back running.

~~~
xvector
It doesn’t matter if it’s an honest mistake, this sort of action alongside the
canned HR response is completely unacceptable. Honest mistakes don’t exempt
your actions from being disgusting.

~~~
dwheeler
An action that is an honest mistake isn't disgusting; it is simply a mistake.
We all make mistakes. Anyone who makes no mistakes is not doing anything
useful.

What matters is doing the right thing _after_ the mistake is discovered. I
agree that the canned HR response wasn't acceptable, but that is not all that
happened. GitHub quickly restored the project - and that was the most
important issue. In addition, GitHub has now posted an apology, and has also
said that they will try to figure out how to prevent its recurrence in the
future.

THAT is exactly the right way to handle a mistake: fix the problem, say sorry,
and try to prevent its recurrence. Good show. I am actually _impressed_ with
GitHub's response to this!!

I get the impression that part of your complaint is that "flagging" itself is
disgusting. If that's the case, your ire is completely misdirected. This is
required by US law for anyone doing business in the US. If you don't like it,
that's fine; complain to the US Congress, who create the US laws. GitHub is
simply doing what it _must_ do. In the US, and in most of the western world,
the rule of law is still a thing (and a good thing it is!). Please point your
disagreement at those who are responsible for it.

~~~
luckylion
> What matters is doing the right thing after the mistake is discovered.

They didn't. They only did "the right thing" after it went viral on HN.

They did the same thing a few days ago to another developer, and only after it
went viral on HN did they do the right thing. They were very aware that a)
their flagging process is broken and b) their support process is non-existant
unless you make your complaint go viral. The canned response is part of their
strategy to filter out everyone that isn't large enough and they'll just
ignore those complaints.

> This is required by US law for anyone doing business in the US.

It's required to do it automatically and wrong? I have some serious doubts.

------
forkLding
Weirdest part of this is that the Lead Developer at Aurelia and the guy who
posted this on twitter works at Microsoft which again is weird now that Github
is part of Microsoft.

------
peterkelly
And they've just bought npm!

[https://news.ycombinator.com/item?id=22594549](https://news.ycombinator.com/item?id=22594549)

------
adultSwim
Note: sanctions against Iran are preventing them from buying medical supplies.
Millions could die there from COVID-19.

~~~
amir734jj
My relatives live in Iran. Sanctions devasted the people's lives, not the
government!

------
castorp
Are there any European hosted (and owned by a European company) alternatives
to GitHub or GitLab?

~~~
guug
Not european, but the non-US ones I know of are

\- [https://gitea.com/](https://gitea.com/) by the gitea project is hosted in
China by a Chinese company. It's probably the safest one to use.

\- [https://bitbucket.org/](https://bitbucket.org/) by Atlassian is probably
hosted in the US but is owned by a company headquartered in Australia.

Personally, I don't think searching for alternatives in other jurisdictions is
the right way to tackle this issue. With the way things are devolving in terms
of hosting reliability (i.e. getting automatically banned by big tech for
vague reasons) and US laws that overstep their boundaries, the best way is to
host mirrors across as many services and networks as possible and switch your
workflow (incl. issues) to a mail-based one.

------
rolph
time to migrate and redeploy, perhaps reface things and setup a new
repository.

the trade sanctions thing is about this repository involving paid service:

[https://github.com/aurelia/aurelia](https://github.com/aurelia/aurelia)

"Due to U.S. trade controls law restrictions, paid GitHub organization
services have been restricted. For free organization accounts, you may have
access to free GitHub public repository services (such as access to GitHub
Pages and public repositories used for open source projects) for personal
communications only, and not for commercial purposes. "

so it looks like its not the most stable place to make money.

------
tanilama
This is laughable. What trade sanctions would apply to a JS frontend
framework? Insane.

------
unlinked_dll
I thought this was about the music education software by the same name

------
thatgerhard
Since when is it Github's job to lock others repos at all?

------
Kiro
Read the whole Twitter thread and all comments here and I still don't
understand what trade sanctions are applicable here.

~~~
detaro
Probably none, and some automatic thing triggered in error.

------
gtrubetskoy
Github was cool when git was new years back - but these days, and especially
given how git inherently is not centralized, it is not very clear to me why we
all cling to github. With a little work, all that it offers can be done
without any help of a centralized server/corporation.

------
greut
It's been removed from AUR packages as well,
[https://lists.archlinux.org/pipermail/aur-
requests/2020-Marc...](https://lists.archlinux.org/pipermail/aur-
requests/2020-March/038625.html)

------
bilekas
Does any license in particular effect the trade sanctions? MIT for example in
my eyes would be the most lax, does that mean that it does not apply for trade
sanctions ?

Open source based on government sanctions kinda feels like some oxymoron.

------
Kydlaw
It's back
[https://twitter.com/EisenbergEffect/status/12407052563898900...](https://twitter.com/EisenbergEffect/status/1240705256389890048)

------
adim86
The funniest thing to me is that the twitter account complaining is a
Microsoft employee and Github is owned by Microsoft but the only way he could
complain and be heard is via twitter? Amazing!

------
Lorin
TIL about Aurelia - the streisand effect in full force :)

------
jtms
I had never heard of this framework until this happened, but now I am going to
check it out. Probably a very good bit of accidental publicity

------
longstation
Would having a decentralized repository be a good idea (one that is not
subject to this kind of corporate/political issue)?

------
pragmatic
And in that moment Hacker News was enlightened.

------
type0
Are there any hints on what other countries/regions might be getting on that
sanctions list soon?

------
sytse
GitLab CEO here, thanks Nat for doing everything you can do to keep open
source accessible around the world. We have to comply with the same
restrictions and respect greatly that GitHub is taking the broadest possible
interpretation of US sanctions law to help users.

------
justlexi93
I wonder what their timeline for fixing a mistake like this is when it's just
some plebe.

I bet it aint an hour.

------
mullingitover
Isn't this a first amendment violation? Are we not on board with the notion
that code is speech, and that the constitution applies to everyone, not just
US citizens?

With those things in mind, I don't understand how the Iranian peoples' free
speech rights can be infringed just because their speech is in the form of
code.

~~~
driverdan
That's not how the First Amendment works. It applies to the government, not
private businesses.

~~~
hyperpape
I think that's not right, because the reason the company is doing the
censoring is to comply with sanctions imposed by the government. If the US
says you can't host content praising Iran, and GitHub takes it down to comply,
that's a 1st Amendment violation.

However, code seems to be in a strange place, neither clearly speech nor
clearly not-speech.

~~~
mullingitover
I argue code is absolutely protected speech. The government ran away[1] from a
recent case that would've settled the matter conclusively.

[1] [https://www.pbs.org/wgbh/nova/article/is-code-free-
speech/](https://www.pbs.org/wgbh/nova/article/is-code-free-speech/)

