Hi HN, I'm the CEO of GitHub. Flagging this account was obviously a terrible mistake, and I apologize to anyone who was affected by it. We're investigating why it occurred and will make changes to make sure it doesn't happen again. I am glad that we restored access to the account in less than an hour after Aurelia filed their appeal.

For context on why any account flagging is ever necessary, unfortunately, every company in the world is required to comply with US sanctions if they do any business at all in the United States, e.g. serving US-based customers. This includes even interacting with US banking infrastructure. So being headquartered somewhere else doesn't help; you have to comply. And US sanctions as written do not allow us to provide commercial services or services which could be used commercially to sanctioned countries.

We are taking the broadest possible interpretation of US sanctions law to allow as much access to GitHub as possible and we are, as far as I know, the only major vendor to offer public repo access in US-sanctioned countries like Iran, Syria, and Cuba. I'm proud that we are taking this strong position to ensure developers everywhere can participate in open source.

I wish we could also offer access to private repos and still comply with government requirements. We have been advocating and will continue to advocate for broader developer access with the various government agencies involved.

Do you believe that trade regulations such as ITAR apply to publicly-available open source software? I do not [1], and it appears that your employees do not believe this either. GitHub is currently hosting multiple GPS implementations [2] that are clearly against this line in your ToS, in addition to also being against ITAR by not implementing speed limits for missiles:

"GitHub may not be used for purposes prohibited under applicable export control laws, including purposes related to the development, production, or use of […] long range missiles or unmanned aerial vehicles."

I think you should probably make a blog post explaining GitHub's stance on this issue.

[1]: https://www.unr.edu/sponsored-projects/compliance/export-con...

[2]: One of which is https://github.com/gnss-sdr/gnss-sdr. This repository does not implement ITAR-required GPS speed limits. Even if it was ITAR-compliant, the limits could easily be removed as it is open source software.

----------------------------

Update: GitHub has updated their ToS to remove this line. It was present on July 27, 2019. The issue still stands with this current statement from their ToS (https://help.github.com/en/github/site-policy/github-and-tra...), which forbids ITAR-regulated software:

"Users are responsible for ensuring that the content they develop and share on GitHub.com complies with the U.S. export control laws, including the EAR and the U.S. International Traffic in Arms Regulations (ITAR). The cloud-hosted service offering available at GitHub.com has not been designed to host data subject to the ITAR and does not currently offer the ability to restrict repository access by country."