>It's US law and GitHub (Microsoft) is bound by it.
That seems like a terrible situation. What if tomorrow there's a US law that <insert ridiculous thing which "everybody" says won't happen until the day it happens>
Maybe they should fork into GitHub US, GitHub EU and so on.
If the law is believed to be unconstitutional, a US company can fight it in court. Otherwise, the company is required to comply with all laws applicable in the jurisdictions they operate. If there is a conflict, the US law has highest authority.
In this case, if GitHub EU is owned by Microsoft, a US company, GitHub EU still must follow US rules. On the flip side, while GitHub EU must follow GDPR, GitHub US would not be required to do so.
Nope, the point of Azure in Ireland is to increase availability and decrease latency for EU clients. Microsoft challenged a warrant in 2013 to hand over emails stored in Ireland, but the SCOTUS vacated the rulings since it was moot by the CLOUD act of 2018, which allows the government to get data from US companies, no matter where the data physically is.
The 'Net interprets censorship as damage and routes around it. Perhaps those affected could spin up a local Gitlab instance and migrate their data to it?
Gitlab, IMHO, is the gold-standard for self-hosted Git data, CI/CD, Issue-tracking, etc (IMHO, at least). You can use their (US-based, IIRC) hosted solution, or download their Omnibus package and get a self-hosted instance running in less than an afternoon.
If your policy is not to use products of companies operated in the US (and thus bound by US laws)...you're going to have to give up a lot more than just GitHub.
I'm not a huge fan of these sanctions. Though I do think Microsoft is following the law in a fairly standard fashion.
This is well within GitHub's Account ToS in Section B 3.6. [0] so all GitHub users who are part of the US sanctioned countries list [1] are banned from having an account. Since Microsoft/GitHub are all US based companies, they must comply with US export laws and I'm afraid not even GH/Microsoft staff can intervene in this.
I don't know what to think about this 'message to GitHub' since they can't do anything about this, but I think that migrating off of GitHub and lessening or completely removing our dependence on the service is probably better for those developers and for open-source in general.
They only block really antagonistic regimes which don’t comply with UN and other international sanctions. It has to be a really rogue regime that threatens regional or world peace.
Well if the future is just a big black box, why is it reasonable to move to hosts outside the US?
If current conditions are not a good predictor for future conditions, isn't it equally likely that other countries (same as the US), could change in the future to sanction other countries and restrict online services operated there?
Is there a jurisdiction which doesn’t have such suspicion? The 1A can weather a lot and carries a lot of weight. Obviously in this case the government has carve-outs for these things but I suspect other jurisdictions have bigger carve-outs.
I don't think it has to do anything with UN and international sanctions, Iranians once negotiated in the Obama's presidency and made a deal with 5+1, after Obama, Trump broke the deal and the US is out of that now, but the rest of the world didn't, so it is just US sanction not "International" or UN sanctions.
On the other hand, blocking Iranian GitHub accounts is helping to change Iran regime? Are Iranian GitHub Users developing nuclear bombs there?
"No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offence to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation."
(Property includes intellectual property, such as computer code.)
(Due Process includes (but is not limited to) Trial by a Jury of one's peers...)
I love the US constitution as much as the next guy, but isn't it a bit of a stretch to apply this section to a non-citizen not even located in the States?
"Due Process" takes on its own meaning to someone who has deeply studied Law. Without being a Lawyer, one could not easily define it.
To understand this by analogy, the word "Computer" might mean something with a screen, mouse and keyboard to some people, but it have a much deeper meaning to a Computer Engineer, Operating System Developer, Compiler Writer, or Applied Mathematician.
That's because the concept of "Computer" is intricately, intricately weaved around all sorts of interrelated technical concepts, and the result is something of sheer engineering beauty...
"Due Process" similarly, is intricately, intricately interweaved with many other concepts in Law. That's the "Due Process" that the Founding Fathers are talking about (they having had extensive backgrounds in Law).
To someone who hasn't studied Law, it would appear as two shallow words, but I assure you -- study Law and you will find these words have many more dimensions than their mere dictionary definitions...
I would submit that someone living in Finland, who is a citizen of Greece, born in Norway, is not contractually obligated by the U.S. Constitution, unless they accept it in some way or other, and if so, that acceptance may be in conflict with other contracts (such as other citizenships) that they may have accepted prior.
So no, probably not.
On the other hand, I would presume that anyone who works for the U.S. Government has accepted the U.S. Constitution, either explicitly (by Oath) and/or implicitly (by the act of working for the U.S. Government).
Why is this important?
Well, see, if those people are in charge of creating/enforcing sanctions, they are also contractually obligated to do so while NOT BREAKING THEIR CONTRACTUAL OBLIGATION TO UPHOLD EACH AND EVERY ASPECT OF THE CONSTITUTION.
One of the things that The Constitution says (above) is that people (all people by the way, not just some of a specific nationality, and not just those that have accepted the Constitution) are NOT to be deprived of their property without Due Process (which includes but is not limited to a Trial By a Jury of one's peers).
If the Wikipedia page for the Law Library of Congress (https://en.wikipedia.org/wiki/Law_Library_of_Congress) is to believed (and I see no reason why it shouldn't be), then the Law Library of Congress contains 2.8 million books on the subject of Law, alone.
That's a lot of books on Law.
You seem to be telling me (by implication) that
a) That the sanctions are absolute, because they are Law.
b) That all people, under all circumstances, must follow all absolute Laws.
c) That in the 2.8 million Law books, there are no conflicting Law or Laws.
d) That in the 2.8 million Law books, there are no Laws, written at an earlier time, that govern the passage of laws at a later time, and what they may or may not contain;
e) That no trials, nor court interpretation of a Law in the broader context of all other Laws -- are necessary ever.
f) That courts have never interpreted similar Laws and changed, modified, and/or deleted their efficacy;
If I am misreading you then please feel free to correct me.
But, my point is simply this. If someone placed $1,000,000 on a table, and told me to bet that that "Law" was absolute in all of its aspects, and that he would bet against me, based on what I know, I could not take that bet...
Why are these people assuming GitHub is some sort of an open source authority. Is it so difficult to understand it’s a company that hosts free and open source projects like any other service? The ignorance is just baffling.
Why would you call it either ignorant or baffling? Do you expect Iranian users to have a deep understanding of American export laws and the political intricacies that might follow from Microsoft's acquisition?
This is an completely understandable reaction regarding Github's block against Iranian accounts. Github as been around for over 10 years, and this never happened before.
> Do you expect Iranian users to have a deep understanding of American export laws
No, but I expect them to at least understand ONE law, since the sanctions affect their country significantly and their politicians talk non-stop about it.
> might follow from Microsoft's acquisition?
This has nothing to do with MSFT. GitHub has always been a US-based company.
> Github as been around for over 10 years, and this never happened before
Because GitHub hadn't been following the law before.
I don't think it has anything to do with the Microsoft acquisition... GitHub was always a US owned and operated company. The reason this hasn't happened in the last 10 years and is happening now is that the laws regarding US companies doing business with Iranians has changed during that period of time. It's not GitHub's or Microsoft's fault, it's the fault of governments, the people running them, and the people empowering then.
Github owned by Github. But this is something different. It is Github owned by Microsoft. Acquisitions, in general, do not end well for the established user-base.
Suggestion: move you repositories! Host your own repositories! Use something different, like Gerrit, to spice up your development! Take matters in your own hand! Own your data, own your compute!
Is there something about this that I've missed that has something to do with the Microsoft acquisition? The same laws would have governed GitHub if they hadn't been acquired.
From an Open Source developer point of view, yes, of course. Open Source projects should not be hosted with them. Period. It completely betrays the spirit of the licenses the code is released under, which guarantees access to anyone, regardless of political, religious, etc.
It all depends on interpretation of the law, lobbying, stalling and the amount of bad press an actor can handle. Microsoft is a much older company and is likely to have stronger ties to the established government.
I'm not talking about understanding USA law, and couldn't care less. People, developers especially, should know something about the licenses they're using. Anyways, any company will have to comply with the law. I guess Microsoft in its war against Free Software managed to sow confusion. Free Software and Open Source are about licenses, not hosting services. How would they react, if for example, Microsoft/GitHub will stop hosting Open Source projects for free?
BTW, this is why I deleted my account at GitHub the day the purchase was announced.
War against open source? They’re the largest corporate contributor to open source, they’ve open sourced a ton of projects, including XAML and .NET Core (which is also now cross platform), and they joined the Open Source Initiative. If you honestly believe 2019 Microsoft is anti-open source, you’re living in the past.
I completely agree. I don't see why some developers need to solely depend on GitHub for private use when you can self-host GitLab/cgit with a cheap computer to host your projects. Open-source development has already thrived without the likes of GitHub even before it was founded.
Perhaps the time to self-host your projects just like how Mastodon allows self-hosting an instance is more important than ever, which will probably be better for open-source instead of centralizing and increasing our dependency on GitHub.
Did GitHub try to fight this in courts? As with Slack, why does it just happen out of the blue? Sanctions on Iran have been there for at least a year, sanctions on Crimea since 2014 - so why now?
GitLab is hosted in the US and also must comply with the same US laws. When GitLab moved to GCP this issue came up because Google geo fences the embargoed countries: https://about.gitlab.com/2018/07/19/gcp-move-update/
Can you get GitLab on-prem if you're in a sanctioned country though, or is GitLab also not allowed to let you download it if that's where you're located?
But since US companies are forced to geo-restrict, how can you verify that the (free) software you've downloaded, is actually the free software offered by those companies?
So there should be no protest then ?
Of course it is the point of sanctions. But this is also why sanctions are wrong. As Ron Paul repeatedly said, sanctions are akin to war.
Shouldn‘t one protest the bombing of cities because „that‘s the whole point of war“
There's no way to punish a government without punishing the country. The sanctions are not on the people themselves, for instance Iranians can and do visit the US.
Iranians and US citizens should protest against their governments causing this political situation. From my limited research, neither party is innocent. Bothering GitHub doesn't have a purpose, they are only blocking Iranians to comply with laws.
I don't understand why this was done suddenly. Warning Iranians that there account will be blocked next month and offering read-only access in the meantime would be much more reasonable. I'd expect legal action to impose the ban would likely take at least this long. I'm glad git is a distributed system, and hope no one lost any information.
I think the only solution is to move open source communities to a more neutral country. Unfortunately, the US as it stands right now, is getting a less suitable place for international organizations day by day
Git was meant to be distributed, however convenience usually wins thus centralization case again.
Hints: git-issues, git-remote-ipfs, gitea and some mirroring via VPNs.
As someone of Iranian Heritage, even though I‘ve never been to Iran, because my Father fled the country after beeing sentenced to death twice, for fighting the Mullah Regime, the Ignorance and total lack of emphaty for Iranian Devs and Open-Source contributors displayed in this thread is shocking to me.
People who have nothing to do with politics and are already suffering under crippling economic sanctions as well under their own government are apparently not considered to be part of the „community“.
Giving them the „helpful“ advise to „fight“ their government even though there is currently no active opposition in Iran and every increase in tensions is making the majority of the population stand more firmly behind their government is just insane.
Can‘t you see that the people asking for support are not „enemies of america“ but instead people who consider the Trump administrations policies to be an abberation, non-representative of the will of the american people, who they consider to be their friends and Open-Source-Community Brothers ?
Microsoft is not untouchable by any means, but, probably more than any company in the world right now, they have the power to gain clarity on these sanctions (and possibly also the EAR issue).
Microsoft has obviously turned a corner recently into dramatic support for open source collaboration. They're pushing VSCode. They bought github. They support linux. None of us will be surprised to hear that they're seeking to buy StackExchange or Discord soon.
I'm saying: if these are their true colors, then they mount a full-throated resistance to this nonsense. They have the legal team, the technical talent, and the political connections to do so.
Start by refusing to take down Github Pages of nationals of sanctioned countries and refusing to disappear repositories maintained by the same, absent a specific court order. Then, challenge it in court.
Will the US Government have the gall to go to Seattle and cuff somebody over this? If they do, it will be a major international incident and rallying cry, and that person (and Microsoft) will look internationally heroic.
It looks like you've been using HN primarily for political battle. That's against the site guidelines and we ban accounts that do it. Would you please review https://news.ycombinator.com/newsguidelines.html and use HN as intended? It's intended for intellectual curiosity.
maybe its time to pick up the thread again and present an effective decentralized version of GitHub and thumb our noses at the notion of borders.
its technically quite feasible..there's no reason the US government gets to decide who writes open source software. and there's no reason github has to play a role here if they choose or are forced to act this way.
While I’ve no familiarity with the law in this area, I’d imagine this is surely still illegal too? If one could just openly pass the business to a foreign partner it would somewhat defeat the purpose of sanctions.
I don't want to be the one to invoke Godwin's law, but there are ways to remain within the law and still resist in a meaningful way when the stakes are high.
Please elaborate. Sanctions don't ban every effort to not be stupid. Compliance isn't condolance. "Following orders" is demonstrably not a great defense.
Russia invades and takes over Crimea (again). This has repercussions for the people living there, many of whom are displacing those who lived there before.
Iran threatens to nuke other countries as soon as they can develop the nukes. They are in the process of trying to take over the whole middle ease, fighting in Yemen, Syria, Iraq, Lebanon, etc. This has repercussions for the people living there.
The US is not going to lift these restrictions. Why would they? If you live in these terrible places, I’m sorry, but you need to start fighting at home. I don’t know enough about your specific situations or what level of action you should take, but everything from peaceful protest to armed rebellion are options. Yes, you might have to die. You might be killed just for peaceful protest or if you’re government suspects you might be “trouble.” This is your burden, but liberty is worth it.
> The 1953 Iranian coup d'état, known in Iran as the 28 Mordad coup d'état (Persian: کودتای ۲۸ مرداد), was the overthrow of the democratically elected Prime Minister Mohammad Mosaddegh in favour of strengthening the monarchical rule of Mohammad Reza Pahlavi on 19 August 1953, orchestrated by the United States (under the name TPAJAX Project or "Operation Ajax") and the United Kingdom (under the name "Operation Boot"). It was the first covert action of the United States to overthrow a foreign government during peacetime.
> The Iranian Revolution (Persian: انقلاب ایران, romanized: Enqelābe Irān;), also known as the Islamic Revolution or the 1979 Revolution, was a series of events that involved the overthrow of the last monarch of Iran, Mohammad Reza Shah Pahlavi, and the replacement of his government with an Islamic republic under the Grand Ayatollah Ruhollah Khomeini, a leader of one of the factions in the revolt. The movement against the United States-backed monarchy was supported by various leftist and Islamist organizations and student movements.
I'm not sure what your point is? Irrespective of the past (whatever wrongdoing the US may or may not have engaged in), it matters not to the current situation for the people of Crimea, Cuba, Iran, North Korea, and Syria.
Obviously I think the Trump Administration is terrible, but do you really think it is at the level of Iran or North Korea? Please. If it was, I would be willing to die for liberty, absolutely.
> let us download our private repositories and also make them public (setting control).
Seems reasonable.
> change their restriction policies to not limiting users based on their Nationality.
I don't see this happening. It's US law and github (Microsoft) is bound by it. Maybe a competitor will use it to their advantage and offer
> announce their decision publicly and apologize for making this situation (like what slack did before in the same situation: https://slackhq.com/an-apology-and-an-update).
I can see how the PR team will issue a careful worded letter or blog post. It will say "we regret the situation" but I doubt be an apology.