Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Programming Open Source

Is GitHub Suspending the Accounts of Russian Developers at Sanctioned Companies? (bleepingcomputer.com) 159

"Russian software developers are reporting that their GitHub accounts are being suspended without warning if they work for or previously worked for companies under U.S. sanctions, writes Bleeping Computer: According to Russian media outlets, the ban wave began on April 13 and didn't discriminate between companies and individuals. For example, the GitHub accounts of Sberbank Technology, Sberbank AI Lab, and the Alfa Bank Laboratory had their code repositories initially disabled and are now removed from the platform.... Personal accounts suspended on GitHub have their content wiped while all repositories become immediately out of reach, and the same applies to issues and pull requests.

Habr.com [a Russian collaborative blog about IT] reports that some Russian developers contacted GitHub about the suspension and received an email titled 'GitHub and Trade Controls' that explained their account was disabled due to US sanctions. This email contains a link to a GitHub page explaining the company's policies regarding sanctions and trade controls, which explains how a user can appeal their suspension. This appeal form requires the individual to certify that they do not use their GitHub account on behalf of a sanctioned entity. A developer posted to Twitter saying that he could remove the suspension after filling out the form and that it was due to his previous employer being sanctioned.

A GitHub blog post in March had promised to ensure the availability of open source services "to all, including developers in Russia." So Bleeping Computer contacted a GitHub spokesperson, who explained this weekend that while GitHub may be required to restrict some users to comply with U.S. laws, "We examine government sanctions thoroughly to be certain that users and customers are not impacted beyond what is required by law." According to this, the suspended private accounts are either affiliated, collaborating, or working with/for sanctioned entities. However, even those who previously worked for a sanctioned company appear to be suspended by mistake.

This means that Russian users, in general, can suddenly find their projects wiped and accounts suspended, even if those projects have nothing to do with the sanctioned entities.

This discussion has been archived. No new comments can be posted.

Is GitHub Suspending the Accounts of Russian Developers at Sanctioned Companies?

Comments Filter:
  • How does that work? Honest question.

    • by gweihir ( 88907 )

      This is about services, not software.

  • by killhour ( 3468583 ) on Sunday April 17, 2022 @11:24PM (#62455620)
    Sanctions aren't a punishment in the way prison is - it's not a retribution thing meant to hurt the specific entity that did the bad thing. Instead, it's a pain compliance thing meant to cause enough damage quickly enough that the entity that did the bad thing is forced to stop doing that thing. As such, they are intentionally indiscriminate to be effective. So that's not really a problem, _per se_ (within the limited conversation around how sanctions are intended to work and not if they really do or not). Removing access to infrastructure that people rely on to live and work, as well as confiscating their IP will clearly cause pain, so that's working as intended. The thing that might be an issue is that due to the very nature of collaborative software, a lot small contributions work their way into a lot of big projects. I think it would be fair to say that the intention of the sanctions is _not_ to inadvertently break half the internet because some Russian developer wrote a function that made its way into, say, React at some point. Again, not assigning value one way or another to the utility or justness of sanctions; just pointing out that this is working as designed, in the same way that it stops random Russians from having McDonalds for dinner or being able to purchase basic goods or listing their services on Fiver.
  • by djinn6 ( 1868030 )

    If your project gets wiped because of Github, you weren't using Git correctly.

    Also insert old adage about the cloud and someone else's computer.

    • If your project gets wiped because of Github, you weren't using Git correctly.

      Also insert old adage about the cloud and someone else's computer.

      If your project repo gets wiped out, sure. If your project issues, plans and pull requests (as opposed to branches) get wiped out then you are using GitHub in exactly the way it's designed to be used.

      • by djinn6 ( 1868030 )

        Pull requests are in your coworkers computers. They can just send it to you again. Losing the rest is probably a net plus for the project.

  • Not a fan of GitHub at all (prior to all this). But I did follow a project on there called libmdbx. It was a fixed up version of LDBM (used in OpenLDAP). The original LDBM had some cases where it could leak pages and this fork fixed them.

    It is open source and was nothing beyond a library useful to any application needed an ACID compliant key-value store. While the code is definitely "Russian" in style and the principal developer is Russian - it was like any other community project.

    I used this library
    • Do you have any reason to know that it was taken down by GitHub rather than by the developer himself? If it was by GitHub do you know that it was a removal of the project rather than the developer's account which the repo was linked to? The only explanation that I can find is that it's "mysterious". Maybe the developer is protesting against GitHub?

      I found that there's already a restored clone [github.com] which has clearly been allowed by GitHub so this doesn't seem to be doing that much harm. I'd suggest that they s

    • Quote: "There was not a single reason for idiotic GitHub to take it down. "

      How about... Abiding the Law as reason? Or have you lost all reason and became a lawless thinker?

    • On the positive side, GitHub didnâ(TM)t kill the developer, didnâ(TM)t rape his wife and children, and didnâ(TM)t bomb his home.
  • The dangers of turning the Internet into a growingly centralised model, both from an ownership standpoint, whereas a few companies own the majority of the web, and from a technical standpoint, whereas peer to peer and commodity protocols give way to client-server and complex ones, were known. No one cared, and now the Internet, supposedly designed to survive nuclear strikes, isn't able to survive politics.
  • This is an excellent example why you should NOT use Github as your source repository as a company. By the whims of the US goverment you can loose all your source (and I'm pretty confident the private repositories on Github are available to US agencies whenever they want to.
  • Your servers may go away at any time and for reasons you have very little control over. Not good. Take note all you cloud-fans and re-think your position.

    In some regulated environments, there are tendencies to _require_ companies to be prepared to get _out_ of the cloud again (not simply be able to move to a different one, that requirement is obvious) and that is no accident at all. The cloud offerings available today are unproven, still far too dynamic and come with hard to assess and sometimes surprising

  • Can Taiwan-ese, i mean west Chinese, people have GitHub accounts?

No spitting on the Bus! Thank you, The Mgt.

Working...