A developer in the Eastern European region of Crimea has found himself at the receiving end of limitations to his GitHub account due to trade control regulations imposed by the US.
Anatoliy Kashkin uses GitHub services to host his website and a game management tool that he maintains, called GameHub. Earlier this week he received a notification about US-imposed trade sanctions affecting his access to the account and resources.
Specifically, this translated into a 404 'not found' error when trying to reach his GitHub-hosted website and inability to create new private repositories.
Existing private repositories were also off-limits for Kashkin. When trying to access them he found that they were disabled due to U.S. trade controls law restrictions.
However, he could create public repositories but deleting them was not possible. After a while, the developer was allowed to delete public code.
GitHub states that code and information uploaded to its platform, Enterprise Server included, "may be subject to trade control regulations, including under the U.S. Export Administration Regulations (the EAR)."
The list of countries facing U.S. government sanctions includes the Crimea region of Ukraine, Cuba, Iran, North Korea, and Syria. This affects developers residing in these regions.
Although Kashkin has alternatives keeping his website and code available to the public, there is the problem of easy access for people used to finding the assets on GitHub.
Furthermore, GitHub has a track record in dealing with security issues quickly and efficiently. A self-hosting alternative, for instance, comes with the hassle of the patching routine, which impacts the code development cycle and in many cases may account for longer periods of exposure.
Since Kashkin was notified of limited access, other projects from developers in sanctioned regions, are going through the same problems.
On Friday, Indian full stack engineer Akash Joshi pointed out that the restrictions rolled out in waves, so some developers had time to plan their move to a different service.
People knew for a time that this was coming, and the bans were happening in waves, so some people, like my friend @0xaryan got time to react.— Akash Joshi (@akashtrikon) July 26, 2019
Others, however, were not so lucky : https://t.co/Em1X2BegHz 3/4
According to Iranian developer Parham Alvani, the restrictions from GitHub happened without warning, denying them the possibility to get their projects out.
Alvani also pointed to several open-source projects from Iranian developers that are affected by the restrictions. A larger list of them is available here.
Another Iranian software engineer also discussed the ripples of this decision, which extend to all people in the countries facing the U.S. sanctions and could also have an impact on further development and maintainance of open-source projects.
The developer says that Riot, the company behind the game League of Legends, informed their users that they can no longer access the game because of current US laws and regulations affecting their region.