There is a part in the read me that wories me for hosting.

[oiaohm]

It doesn't matter which country you're coming from

With hosting you do have to worry about country due to sanctions. Yes you might call sanctions political but they are a devil we have to live with so that you can have web based hosting and the web based hosting not get shutdown.

I have not found a country where you can host without some sanctions.

https://ofac.treasury.gov/sanctions-programs-and-country-information

Github here being USA hosted you have the OFAC to deal with. Yes github/Microsoft cannot allow your to do business with countries that are 100 percent sanctioned or end up on the wrong side of OFAC themselves.

As long as it legal for person to submit code they are absolutely welcome. But if comes a choice between blocking a person based on their country because they are from a sanctioned county or risking the project taken offline I would choose block a person. Remember this is case where the person by countries rules that effect host is not allowed to-do so.

These sanction rules are not uniform. It can be important for those wishing to mirror in different countries to have correct country information on those submitting code to know if they can host a mirror or not.

I just see that way readme is worded you are promising something you cannot do with this hosting with risking losing it.

Yes I know x.org project demanding to know what country a person is from seamed like a pain in the but. The problem is this was because there is a legal issue here that can result in your losing hosting or/and your organization bank account frozen.

Like it or not there are some legal rules that we just have to live with unless we can get into power and change them.

[8bitprodigy]

Oh look, more concern trolling!

[oiaohm]

https://thenewstack.io/u-s-blocks-open-source-help-from-these-countries/

This is not trolling. Yes I see the 4 down votes. I am sorry but we have live in the real world we have to be able to deal with sanctions being in place and if this project lasts we are going to get people at some point who are sanctioned who will get upset they cannot commit because github/microsoft or some other party doing the hosting says no and if project does not obey lose hosting..

Accepting anonymous code submits disappeared from most open source programs as government regulation caught up.

Lets promise what can delivered and be upfront with the limitation..

I just cannot work out clean better wording.

"We only care about country as required by legal requirements of the hosting country. As long as you are not from a sanctioned country of the hosting country we do not care."

What going to happen if the microsoft/github is like X11libre have to block submits from X person because they own to a sanctioned company/country. They may troll the project for not upholding its readme.

There need to be something in the readme saying yes will try to uphold these ideals but we understand the real world that if there sanctions or other legal requirements why X parties cannot be involved don't hold this against the X11libre project and we will as legally possible publish why.

How to handle people who are sanctioned attempting to submit is one policy things that need to be worked out in advance of having to deal with that problem for real to keep the project reputation damage to min.

[dec05eba]

I think this post is genuine, he has other issues reported that are technical improvements. Anyways, doesn't github ip block these countries so people from them cant even create a pull request (unless they use a vpn)? If that is really the case then it might be worth hosting it somewhere else where they can contribute.

[oiaohm]

Yes github does attempt to ip block those who are not allowed to submit code but its not perfect. Depending on the sanction it may not be complete country it might be person working for a particular company inside a country that under sanction.

You do get people who do attempt to by pass that block by VPN.

Also you get the ones who will try to directly email lead developer merge requests even that they know they are currently sanctioned. This can end up being over 1000 emails a day.

Yes the OFAC most likely will not worry about a small individual breaking sanctions but someone like github/Microsoft let it happen is not going slide.

This is why I have problem with

It doesn't matter which country you're coming from

in the Readme because we are going to have some bad actor who is sanctioned if this project lasts will cause problems for the lead developer.

Like i personal don't care what country a person is form.

All I care person who is sanctioned who the project cannot take code from does not use what is written in readme/policy as justification to be a absolute trouble.

https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#3-account-requirements

You may not use GitHub in violation of export control or sanctions laws of the United States or any other applicable jurisdiction. You may not use GitHub if you are or are working on behalf of a Specially Designated National (SDN) or a person subject to similar blocking or denied party prohibitions administered by a U.S. government agency. GitHub may allow persons in certain sanctioned countries or territories to access certain GitHub services pursuant to U.S. government authorizations. For more information, please see our Export Controls policy.

Yes it term of service.

Lets say the lead developer decides to take a patch by email and merge into the github from a person under sanction without special permision if detect will result in account being suspend/removed from github.

Yes lead developer of project is not allowed as well to use github to bypass their own countries sanctions.

Maybe alter the readme to be.

As long as you can legally interact with the project as per the hosting term of service: It doesn't matter which country you're coming from, your politicial views, your race, your sex, your age, your food menu, whether you wear boots or heels, whether you're furry or fairy, Conan or McKay, comic character, a small furry creature from Alpha Centauri, or just an boring average person. Anybody's welcomed, who's interested in bringing X forward.

Also that text in the readme could be shorted

"We accept anyone as long as they are not breaching github/hosting terms of service."

[seacat17]

I think this post is genuine, he has other issues reported that are technical improvements. Anyways, doesn't github ip block these countries so people from them cant even create a pull request (unless they use a vpn)? If that is really the case then it might be worth hosting it somewhere else where they can contribute.

Yes, GitHub does that, sadly. I have a close friend who's living in a... Problematic country and GitHub not only IP banned the entire place but also nuked his account and all of his repos for using VPN to bypass sanctions. I'm sorry but the post is probably genuine.

[Nurb4000]

Its just a sad reality of the world we live in today, and has to be accounted for.

[oiaohm]

I knew posting this would be most likely be unpopular. But long term health of project issue has to be taken into account.

Github solution to a party bypassing sanctions be it VPN or getting maintainer of project to take their patches another way is Github terminating repository so Github/Microsoft is not liable and get to hide behind safe harbor projections.

Yes hosting around the world is like this you break sanctions by by hosting and it written into their terms of service.

To conform to the term of service for hosting in most cases you need to know a person country and possible the company they are working and maybe if they have a special exception to a sanction to work out if you can accept code from them or not.

Bad new here is ignorance is not a defense. Yes you claim that you had ignorance on your sanction requirements and you are running a project you could be looking at a 15 year ban from the internet in some countries for your own safety and countries safety. Yes claiming ignorance will not stop parties like github from banning you from platform for term of service violation because of sanction violation.

Willful not checking like not caring about what country/company patches are coming from puts in the same boat as as ignorance. Yes path to banned from platform and never let back because why should Microsoft/Github/gitlab.... trust you.

Now if you can show attempted best effort to follow sanctions

This is part of the legal requirement parts of running a project and keeping it running without disruptions.

[fungilife]

What better way to provoke and expose the totalitarianism of US (and not only) large corporations by daring them to ban you?

There are many forgejo instances who clearly couldn't care less who the US state-dept disliked and liked at the moment

[oiaohm]

What better way to provoke and expose the totalitarianism of US (and not only) large corporations by daring them to ban you?

This is not as good of a idea as you think. Lets say this project starts receiving donations . You provoke them they not only shutdown the hosting they take any linked bank accounts as well.

There are many forgejo instances who clearly couldn't care less who the US state-dept disliked and liked at the moment

Sanctions is not just the USA state department. Github is up front being here we are under USA sanction law.

forgejo depends. Take one forgejo instances and go though it. I will take the top one being codeberg.org. You have to do a lot of digging.

https://codeberg.org/Codeberg/org/src/branch/main/TermsOfUse.md#4-cancellation-and-termination
-4 Cancellation and Termination

• (4) Please be aware that this list is neither exhaustive nor complete (illustrating the spirit of the law, not its letter). Be aware that any account can get suspended at any time if it is used for activities harming Codeberg e.V. or its associated platform and services, directly or indirectly, even if these activities are not explicitly listed in the examples above.

Yes terms of service is very unclear in fact allows them to do anything.

https://codeberg.org/Codeberg/org/src/branch/main/Imprint.md

With enough digging you find out you are under German Sanction rules. So yes not all forgejo instances care about USA sanction rules but all of them once you dig you will find yourself under some countries sanction laws.

Yes be able to in alignment with all the public forgejo options requirements you will need the following information.

1. work out what country they are so you know the sanction laws you have to obey and what list you need to check.
2. the country of the person submitting.
3. the company of the person submitting if their country has sanctioned companies by the hosts country.
4. if this person has an exception granted by whatever country this hosting is in if they are blocked by sanctions by base sanction rules of the country.
5. remember to check that you are not breaking the sanction rules of the country you are currently sitting in or have citizenship of dealing with this person as well.

USA has a requirement that places like github inside their jurisdiction must in their documentation tell you what sanction body you are under. Places like Germany don't have this requirement to be upfront what sanction system you are under.

A person who does not know to do the checks I do the the first time they could know that their project on codeberg.org is under German control is when their project has been terminated and their bank accounts are being frozen because they have done something either against German law or German sanctions.

Yes there are international treaties between countries to allow bank accounts not held in the country where the sanction breach has happened to be frozen.

The USA when it comes to this sanction stuff is one most upfront countries about it to deal with. Germany is one of the worst. Germany can enforce a sanction restriction on you that they have never publicly published so zero notice so basically legally allowed to rug pull you. Yes USA is required to publish there sanctions and give 90 days notice and give a warning to correct if action is not willful or attempted ignorance.

Yes I would take github ahead of codeberg.org for hosting a project even with the USA restrictions. You are less likely to lose your project donations or have your hosting disrupted under the USA system as long as you do a few checks on who you accept code from.

Yes the attempt to obey the USA one reduces response to a warning with 30-60 days to correct. Project can live with this.

Choosing country to host something in your do need to check sanction policy of that country. Some are way worse than others. Yes USA is not the worst by a long shot. Yes avoiding USA server can make your location way way worse.

Every country likes applying sanction rules there are very few places on earth that are you not covered be some countries sanction rules. Most of those places with no sanction rules as a non local its death to go there.

I know what I am writing is not popular but unfortunately its the way it is.

[navid-zamani]

Oh look, more concern trolling!

If you can’t handle reality, better pull the blanket over your head, or the conspiracy theorists will get you. They’re everywhere… hiding under the bed… lurking in the shadows! 🤣

…

I only remember what they did to Wikileaks.
And I have a long list of crimes that Microsoft (that weirdly run Github) committed, and sometimes even got convicted for.

…

What we need is decentralized hosting. So fun fact: git IS already decentralized! Having a central “hub” for it goes directly against its core design. (Everyone has their own git repo, and they update each other via any messaging protocol, but usually mails of pull requests.)

So how about just having a substitute for a project site and bug tracker and such in a (distributed) git repo too, and merely offering a legacy web interface that is just an automatically generated interface to that backend but independent of any particular hosting, using the same tech as a distributed hash table and file sharing to find a non-censored backend. Something along those lines…
(And no, TOR is not a solution. The majority of all entry and exit TOR nodes are state actors and the like, and the nodes in-between are imaginary, making onion routing pointless. The project doesn’t need to be secret anyway. Just not censorable.)

[oiaohm]

It doesn't matter which country you're coming from

This refers to the "flavor of the month" sloganeering by ideologues. It has nothing to do with anything technical.

That idea does not work. Project that have include that line on github when something is wrong scantion have not got warnings to correct action..

corpsouth simple question
"Is there any evidence that this project may not have attempted to make sure submissions obey sanction requirements?"

What I pointed to evidence that can work against the project. Does not matter if it a "flavor of the month" sloganeering. Its statement of I don't care because it does matter if you are doing your job processing commits. That moves you from a warning if something is wrong to a straight up project termination.

Yes "flavor of the month" sloganeering can land you in jail or worse if you don't make sure it used correctly context markers.

Better to add a context maker now limiting what means then being caught by the worst that can happen. Remember current way it is in the readme its perfectly valid to read that as this maintainer of this project is not going to check if a person should be submitting code before including it . This being the case anything found wrong terminate the hosting.

[PPPDUD]

I absolutely agree that the sanctions exist and shouldn't exist, but that should not stop you.
If nobody knows who you are, then nobody can hold you responsible for breaking the law (ever wonder how drug dealers get away with it?)

You would be breaking laws far less popular than drug bans, and would arguably be doing a more ethical and moral thing than you would by following the law.

Obviously, this is not legal advice and I am not a lawyer.

[PPPDUD]

Cool down you all. Everyone's entitled to their own opinion. If you really mind what others think, then fork the repository and do things your way.

I have seen what flame wars can lead you to, and I want to spare you from the experience. @X11Libre, I recommend that you lock this issue for a couple days so everyone can think about it some more before arguing online.