Hacker News new | past | comments | ask | show | jobs | submit login

Pure coincidence. We were working for two years to get this license.

I still can't access my company's org private repos (a company incorporated in Hong Kong, with only European employees) because I opened my laptop in a hotel in Iran 3 months ago.

It's taking us a day or so to remove all the restrictions. Email me if this isn't fixed today: nat@github.com.

Hey Nat, since you're on the line here, can I ask for more details about how this process might apply to other software forges? Were you able to secure a general exception for your line of business, or is it specific to GitHub? If the latter, how difficult/expensive was the process?

Great work, by the way. Kudos as well for committing to a DMCA abuse fund.

The license is specific to GitHub.

However, we don't want this to be a competitive advantage for GitHub; developers should choose GitHub because it is better, not because it has a license from OFAC. So we have taken it upon ourselves to advocate for OFAC to allow developers in Iran and other sanctioned countries greater access to all platforms, and we will continue to do so.

This kind of change would likely require an update to OFAC’s regulations, the issuance of an updated general license, or the issuance of formal guidance from the agency. We hope that OFAC’s issuance of a license to GitHub will help pave the way for broader access to similar platforms.

Are you concerned that the first time someone from Iran posts something controversial (eg. "Opensource Nuclear enrichment centrifuge control algorithm") that the license will be knee-jerk revoked with no notice?

Logically speaking, if someone shared such code from Iran, that would be the opposite of what the US government is concerned about. It would be import into the US instead of export.

Github might need to take down something like that from any developer regardless of country, because of other export laws, concerning nuclear technology. But I don't think that would result in punishment of the developer's country. But IANAL and the rules are complex.

If it is posted from Iran how can it be under US export laws?

Once it's on Github, if it leaves the country it's hosted in, that's export.

If it goes through US servers to anyone outside the country, serving it would be exporting it.

Yes, but re-export is covered under a separate regime. Intellectual property served royalty free does not have a correspondent item in internal processing and re-export regime.

Thanks for clarifying, and for working to open things up for all platforms, I really appreciate it.

Luckily, your code is open source so those in Iran can run their own instance locally.

I'm curious: what was the rationale for not talking about this at all until it was ready? It seems like "we're working on a possible solution" would have been a good response to the many complaints about this.

Was there some reason to believe that mentioning you were working towards this license would have a detrimental effect on the review process for that license?

Thanks for clarifying; the mention of "advocating" hadn't seemed connected to the idea of obtaining a "license".

Congratulations on prevailing here.

My guess is two reasons:

- Expectations settings. If they say they're working on a possible solution, people will expect the solution to materialize and get upset when it doesn't. Since this seems like it was a lobbying effort with OFAC, there was probably a large degree of uncertainty on whether this would happen at all.

- Like you suggested, maybe they thought any public comment about this might put at risk the conversations they were having with OFAC?

If they had been denied the licence then it’s potentially misleading. Generally you don’t comment on things if there is a very realistic chance they’re unachievable.

Why would it be misleading to say they are applying for a license?

Because this is the Internet and the angry mob often doesn't understand how the real world works, and the cognitive load of dealing with that angry mob when said things don't go the way they've naively imagined it _must_ is exhausting.

I'd imagine that later saying your license was denied would direct the internet mob in your favour, not against you.

That would work on the hypothesis that the internet mob is a rationale agent. That may not be so.

We can certainly agree to disagree! ;-)

I'm going to guess that the US government wouldn't have appreciated the external pressure going public about it would've added onto their review process.

as a software engineer, you have some* control over the scheduling and cadence of your features you develop.

You have no control over when you get a permit from the government like this. It's nuts. Even when the open source exception to ITAR was passed in the late 90s MIT was very careful not to release kerberos V outside the USA until they had very clear guarantees that it was approved.

Saying "we are applying for an OFAC license" will lead to a deluge of other tech companies applying for the same license, and the likely outcome is the OFAC says "we don't have the manpower to review all these, reject them all".

Thank you Nat. It is better that Github be fully available on other countries sanctioned by US like Syria, Venezuela, ...

I am from Iran. unfortunately, we are prisoners of mullahs like peoples of other countries sanctioned by US that are prisoners of their dictatorship governments.

Github is fully available in Venezuela though. The US sanctions are mostly against the government in our case (I'm Venezuelan).

I probably started too many stinks on the Microsoft yammer page related to this. Thanks for finally getting it done.

Thank you for everyone's hard work in bringing open source to everyone.

You have my respect regardless.

Thank you.

They were taking their sweet time processing the application until today.

Speaking of fast responses, your response time on these comments is incredible!

Took nearly a week to respond to the original tweet (https://nitter.net/sebslomski/status/1344219609923276801), but not much more than an hour to respond to the quoting tweet from an account with an order of magnitude more followers (Edit: it looks like it depends on how you count “response”: https://nitter.net/GitHubHelp/status/1346250095700946956#m was 18 hours ago, https://nitter.net/sebslomski/status/1346467442428530691#m was 3).

First, American holidays does screw up customer service that in some instances it knocks out the very service (a la Slack). Second, despite posting a FAQ from the US treasury department that apparently excludes this case, the posters have missed the point that it only applies to financial services. Software is much more regulated (the silver lining is that cryptography is no longer munitions-class export fortunately) than most commenters think and that behind-the-scenes negotiations tends to happen especially with regards to cryptography.

Well then: lucky coincidence.

Applications are open for YC Winter 2024

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact