Hi HN, I'm the CEO of GitHub. Flagging this account was obviously a terrible mistake, and I apologize to anyone who was affected by it. We're investigating why it occurred and will make changes to make sure it doesn't happen again. I am glad that we restored access to the account in less than an hour after Aurelia filed their appeal.<p>For context on why any account flagging is ever necessary, unfortunately, every company in the world is required to comply with US sanctions if they do any business at all in the United States, e.g. serving US-based customers. This includes even interacting with US banking infrastructure. So being headquartered somewhere else doesn't help; you have to comply. And US sanctions as written do not allow us to provide commercial services or services which could be used commercially to sanctioned countries.<p>We are taking the broadest possible interpretation of US sanctions law to allow as much access to GitHub as possible and we are, as far as I know, the only major vendor to offer public repo access in US-sanctioned countries like Iran, Syria, and Cuba. I'm proud that we are taking this strong position to ensure developers everywhere can participate in open source.<p>I wish we could also offer access to private repos and still comply with government requirements. We have been advocating and will continue to advocate for broader developer access with the various government agencies involved.
GitHub has corrected the issue, restoring our organization access and web site. They have reported that the org was flagged as part of an automated process. The flagging occurred because we have two external contributors from Iran (non GH org members). They told me that there should have been a warning and they are investigating why that didn't happen. The CEO of GitHub also reached out personally to try to speedily rectify the situation.
This is pure speculation, but it seems that GitHub's ownership by Microsoft causes them to be significantly more strict with the types of content that they are comfortable hosting. Expect this to continue as they expand up and down the stack; once their npm acquisition closes you'll see this there too.<p>I think this should be a wake-up call to anyone staking their open source project on GitHub — if I let someone from a US sanctioned country contribute to my repo will I be banned? Hopefully mindshare moves to alternatives in due time.
What frustrates me about these kinds of things is how impersonal they are. How many orgs/users does GitHub sanction a day? Too many for it to be able to email the users and ask clarifying questions? Or even have a human dig in and double-check what the algorithm says?<p>Basic human interaction would seemingly solve 99% of false account lockouts and takedowns. Even basic heuristics like this org has a repo with 11,000 stars, it isn't a new user that just signed up yesterday, we need to look into this deeper.
Let's take a moment and appreciate the copy and paste support response "If a user or organization believes that they have been flagged in error, then that user or organization owner has the opportunity to appeal the flag by providing verification information to GitHub. Please see our FAQ for the appeals request form." <a href="https://twitter.com/GitHubHelp/status/1240682163193942018" rel="nofollow">https://twitter.com/GitHubHelp/status/1240682163193942018</a><p>Is that an official GH account? It's old and the answers look legitimate but that one is certainly a really off-putting reaction.
Have black hat people figured out what triggers this yet?<p>Looks like a new attack, where you make a few contributions to a project, then start proxying your logins through Iran for a while till everything you touch shuts down.
Sanctions for online services are one of the worst things about working in this industry. Being forced to implement and maintain technical solutions to block access to everyday citizens of certain regions because some guys in suits decided these are second tier humans is demoralizing as hell.<p>How are people supposed to rise up and depose or vote for less tyrannical governments if they cannot access information, or use services that'll boost their businesses in the global market? Having had to implement things like this myself in the past, I just feel like puking when I do it.<p>And don't think about just ignoring these, as soon as you get bigger than tiny, your bank will threaten to freeze all your accounts and stop doing business with you if for some reason you let some Crimean or Iranian get onto your service and pay you for it.<p>What exactly is the plan? Are we expecting that individuals who disagree with their regimes would leave their country and their families? It just feels like cold-blooded retribution with no care for the regular everyday population.
Without even delving into the perverse sanctions part, it should never be forgotten that the <i>whole point</i> of git is that it's a distributed source control system. Grab your source and move it elsewhere. Heck, even an old forked GitLab community instance should work.<p>GitHub is good for the exposure, but it's their house, and so their rules apply, not ours. Don't rely on them to always be OK with you staying.
WTH? GitHub is owned by Microsoft. Rob Eisenberg, who posted that tweet, works for Microsoft.<p>There's so much about this I don't get, not least of which is the fact that despite what the headline suggests, along with the amount of bile still being spewed on this thread, Aurelia is back up and running, as are all its repos: <a href="https://aurelia.io/" rel="nofollow">https://aurelia.io/</a>, <a href="https://github.com/aurelia" rel="nofollow">https://github.com/aurelia</a>.<p>So, yes, GitHub properly effed up here, but they do at least appear to have backpedalled and fixed the problem quickly.
Seems that GitHub has automated some repository banning actions.<p>3 days ago, the author of a repo had his account removed without reason and hours later got his account reactivated (<a href="https://news.ycombinator.com/item?id=22593595" rel="nofollow">https://news.ycombinator.com/item?id=22593595</a>), after posting to Hacker News.<p>As we see, the Aurelia repository was also removed, and hours later reactivated.<p>What caught my attention is that the banned user is from Russia and that Aurelia repository has got developers from Iran.<p>Is this a sign of GitHub country discrimination? Or is this a sign of machine learning bias?
I can empathize that GitHub has to abide by laws more stringently now that it's part of Microsoft but oh boy does its automatic flagging system need work.<p>One day I was randomly permanently banned because a hacker starred some of my public repos from hacked accounts (only ~6 stars btw). I had no involvement whatsoever, it was likely an attempt by the hacker to dilute the target of the repos they were trying to star. It took me ~2 weeks to appeal and they still blamed me for hacking even though the IPs of those accounts were different. My ban was eventually lifted but I doubt their system works nearly as well as it should.
It looks to be restored: <a href="https://twitter.com/EisenbergEffect/status/1240700062939791362?s=20" rel="nofollow">https://twitter.com/EisenbergEffect/status/12407000629397913...</a>
What a debacle. If GitHub believes this is necessary to comply with sanctions, they should provide a "rather than shut me down, please block contributions that GitHub would consider sanctioned" switch.
So disgusting their response: "If a user"<p>Addressing someone in the third person is about as far from empathy as one could get. Clearly, the signal is strong to begin the exodus from GitHub as soon as practical.<p>They can no longer be trusted, and are no longer developer friendly.
And I just finished setting up gitea (<a href="https://gitea.io/en-us/" rel="nofollow">https://gitea.io/en-us/</a>) on my server and mirrored all my repos. An elegant piece of software, setup was straightforward and took less than an hour.
What am I missing? Seems fine to me: <a href="https://github.com/aurelia/framework" rel="nofollow">https://github.com/aurelia/framework</a>
If people just used git the way it was intended, as a decentralized protocol for editing and sending patches by email, we wouldn't have this issue. See <a href="https://git-send-email.io" rel="nofollow">https://git-send-email.io</a>
This looks like a terrible but honest mistake. The repo is already back, after something like an hour and a half. The .io website is not back yet, but I suspect that takes a moment to get back running.
Weirdest part of this is that the Lead Developer at Aurelia and the guy who posted this on twitter works at Microsoft which again is weird now that Github is part of Microsoft.
And they've just bought npm!<p><a href="https://news.ycombinator.com/item?id=22594549" rel="nofollow">https://news.ycombinator.com/item?id=22594549</a>
Time to migrate and redeploy, perhaps reface things and set up a new repository.<p>The trade sanctions thing is about this repository involving paid service:<p><a href="https://github.com/aurelia/aurelia" rel="nofollow">https://github.com/aurelia/aurelia</a><p>"Due to U.S. trade controls law restrictions, paid GitHub organization services have been restricted. For free organization accounts, you may have access to free GitHub public repository services (such as access to GitHub Pages and public repositories used for open source projects) for personal communications only, and not for commercial purposes."<p>So it looks like it's not the most stable place to make money.
Github was cool when git was new years back - but these days, and especially given how git inherently is not centralized, it is not very clear to me why we all cling to github. With a little work, all that it offers can be done without any help of a centralized server/corporation.
It's been removed from AUR packages as well, <a href="https://lists.archlinux.org/pipermail/aur-requests/2020-March/038625.html" rel="nofollow">https://lists.archlinux.org/pipermail/aur-requests/2020-Marc...</a>
Does any license in particular affect the trade sanctions? MIT for example in my eyes would be the most lax, does that mean that it does not apply for trade sanctions?<p>Open source based on government sanctions kinda feels like some oxymoron.
It's back <a href="https://twitter.com/EisenbergEffect/status/1240705256389890048" rel="nofollow">https://twitter.com/EisenbergEffect/status/12407052563898900...</a>
The funniest thing to me is that the twitter account complaining is a Microsoft employee and Github is owned by Microsoft but the only way he could complain and be heard is via twitter? Amazing!
GitLab CEO here, thanks Nat for doing everything you can do to keep open source accessible around the world. We have to comply with the same restrictions and respect greatly that GitHub is taking the broadest possible interpretation of US sanctions law to help users.
Isn't this a First Amendment violation? Are we not on board with the notion that code is speech, and that the constitution applies to everyone, not just US citizens?<p>With those things in mind, I don't understand how the Iranian people's free speech rights can be infringed just because their speech is in the form of code.