GitHub builds wall round private repos, makes devs in US-sanctioned countries pay for it
CEO finds it 'painful'. Affected coders, more so
Microsoft-owned GitHub has slapped restrictions on users residing in certain countries as the company bows to restrictions resulting from US sanctions, according to a hand-wringing tweet from CEO Nat Friedman.
Friedman took to Twitter over the weekend after users began noticing their accounts had been mysteriously blocked.
Affected users were presented with a yellow warning message with little or no warning last week as access to private repos on the service was summarily blocked.
Our core team member @_pi0_ cannot access our private repositories anymore on @github because of US Sanctions...
What do we do now? 😐 pic.twitter.com/4FiLexH9Mf
— Nuxt.js (@nuxt_js) July 26, 2019
Teams with developers spread across the globe will find it a little hard to collaborate should they have coders in the affected countries.
GitHub pointed to an explanatory post in which it explained that Crimea, Cuba, Iran, North Korea and Syria were subject to the sanctions and warned that users travelling in those regions may also see their account status "impacted".
Not to worry, though – you can always file an appeal, which we're sure won't be a privacy minefield. After all, all you have to do is upload photo ID proving you don't reside in the affected countries, along with a "selfie" and other identifying information.
Dare we remind caring, sharing Microsoft of the words "judge us by our actions" as users find themselves blocked with no warning due to where they happen to live?
Friedman attempted to defend the lack of notice, saying: "Our understanding of the law doesn't give the option to give anyone prior notice," reminding users that open-source repositories were not affected, just private ones.
To comply with US sanctions, we unfortunately had to implement new restrictions on private repos and paid accounts in Iran, Syria, and Crimea.
Public repos remain available to developers everywhere – open source repos are NOT affected.
— Nat Friedman (@natfriedman) July 28, 2019
Friedman also insisted, in the face of user protests, that the company's actions were due to it being subject to US trade laws.
It is painful for me to hear how trade restrictions have hurt people. We have gone to great lengths to do no more than what is required by the law, but of course people are still affected. GitHub is subject to US trade law, just like any company that does business in the US.
— Nat Friedman (@natfriedman) July 28, 2019
Of course, there are workarounds. The block applies to GitHub's cloudy service. Users could use GitHub Enterprise Server to run things on-premises or in a user's own virtual private cloud. It would then be up to the user to ensure compliance with International Traffic in Arms Regulations and export controls.
Actually getting hold of the GitHub Enterprise Server in the affected countries would, however, be a challenge due to those pesky restrictions.
Another solution being considered by users, assuming they can get access to their code, is a migration to an alternative service such as GitLab or BitBucket.
Take care, however. GitLab warned of problems for some countries due to "legal restrictions" following its migration to Google Cloud last year. As for BitBucket, while owner Atlassian is based in Australia, it still has offices in the US. According to community support engineer Shannon Spaniol, it is prohibited from providing services to users located in certain countries.
As Friedman warned: "If you do any business in the US you have to obey US sanctions."
Creative users will doubtless publish workarounds, but with GitHub now pulling down the shutters, affected users would be advised to look at alternatives.
We've contacted GitLab and BitBucket for more details and will update if any are forthcoming. We also checked in with GitHub to see if the company has anything more to add to the apologetic tweets emitted by its CEO. We'll let you know if they get back to us – Vulture Central is almost definitely on some sort of list by now. ®