cross-posted from: https://feddit.org/post/9959466
geteilt von: https://programming.dev/post/27692275
https://feddit.org/post/9959466/5697405
[why blocked?] "a contributor made a push from a sanctioned region is what i saw. not even a main dev, and they didn’t receive any warning is my understanding. i might be way off, i’m not a final source:
Not that I condone Microsoft, but if it is a sanctioned country (Russia, Iran, North Korea, etc.). Microsoft will be in shit with the US government if they let it there.
If the project has contributors from there, then I guess they need to move off GitHub like they did.
So now we know how to instantly delist any project on GitHub.
Seems like a vulnerability to exploit
Step 1: Get write access to the project you dislike.
This is a really strong argument for not depending on non-federated, centrally controlled services. It doesn't matter which country or company is behind Your Favorite Service™, they can be legally mandated to by Oppressive Regime ("it could never happen in my country!"), or they could just be arbitrary assholes.
I don't care why Microsoft did it. I moved off Github when MS acquired them, although in this case it probably wouldn't have made a difference. Regardless, what it proves is that you can not rely on a monopoly.
I don't think federation saves us. If the server owners are in the states they still have to comply. I don't know for certain, but I think if there are us citizens using it, some laws might compel non us based servers as well.
The only way around it that I can think of is tor. That doesn't make it legal it would just be harder to stop.
All of this is assuming the US justice department would even care enough though.
A non-US person that causes a US person to violate US sanctions or engage in conduct that evades US sanctions may itself become subject to US sanctions.
I don't know the text of the sanctions, but lemmy.world could be under US jurisdiction if they allow me to violate sanctions.
Seems pretty dumb to me that the US has been allowed to assert itself this much.
If I interpret this toot correctly, there wasn’t a direct commit from a sanctioned region, but one developer was in one of those regions for a short while quite some time ago. And he may have been flagged because of this.
That seems bullshit.
I mean blocking specific countries is stupid anyway. Historically China has been playing games with the EU and the US on a geopolitical level. But: Chinese, European as well as American researchers have been at the core of research on current topics like AI, security, etc. Btw. ironically the scientific landscape is very collaborative and borders on a federated model, it's actually pretty neat how much researchers don't care about country of origin.
What I'm saying is introducing geopolitics into open source development or research is one of the most stupid things to do, because it punishes both your and the other country and only benefits uninvolved third parties. It's literally shooting yourself in the foot.
Problem is that unless the person was paid for contributing, what goods or services are being exchanged with the project. I mean if Microsoft received money from that person for a subscription or something I might see them having to ban the user and refund the money. But what did the project receive that would violate sanctions? Volunteer work is usually not covered or else relief organizations and religious missionaries would be banned and the US historically loves sending those. What am I missing?
If they can tell they're from a banned region why are they letting them push in the first place. Sounds like a convenient excuse.
That's strange. A lot of people from Russia continue contributing on GitHub without any issues.
This Russiaphobia is so completely out of fucking control.
This is the benefit of using distributed tools like git.
Yeah, the code history is the easiest thing to migrate. The other stuff like issues relies on having a good exporting/importing tool on both sides.
Yea tons of devs treat all of these platforms like the central host, but you can host it on all of them at once lol
Wonder if there's a tool for compiling all issues from seperate sources to allow devs with repos hosted on several different platforms to respond easier.
Also feels like a way to get repeat issues more frequently
Yea, would probably call for integrating the actual issues into git too lol
organic maps ftw!
A bit of a different tone from when they announced that they were blocked. It was much more neutral (GitHub enforcing US law).
It doesn't seem like a very "walled" garden if they were able to migrate all their data including issues and comments
Forgejo seems pretty good, I'll move my stuff there too
Ooh, I didn't know that someone had developed a mechanism to move issues and PRs.
I remember commenting on the fact that while it's easy to move the source repo itself from location to location, as git makes that easy and self-contained, issues and PRs didn't enjoy that.
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!