Update: Sanctions and Open Source

A Bit of Background

Late in December last year, Slack started disabling accounts for people in countries with US sanctions on them. This month GitHub has begun to restrict access to accounts for those same people. This applies to anyone connecting to services from Crimea, Cuba, Iran, North Korea, and Syria (regardless of whether they live there or not) and applies to Automattic’s work as well as the work we all do in the WordPress project.

There was some general discussion on Twitter in December that died down, and now we’re starting to see some chatter in our community about the recent changes from GitHub.

What We Know

Here is a preliminary take, published at this stage in order to keep everyone as fully informed as possible, since public discussions of the issue are ongoing.

The trade sanctions that precipitated the recent bans by GitHub (and Slack last year) are United States sanctions and GitHub (Microsoft) is required to obey them. The sanctions apply to certain countries, and have the largest impact on paid online services and proprietary software.

In the instance of Slack, there is the potential for excluding contributors in those countries, not because of what WordPress offers, but because of the tools we use.

WordPress is in a different position than GitHub, in a few ways:

  • WordPress doesn’t provide a service; our software is publicly available and offered for free.
  • WordPress is not encrypted.
  • The GitHub account suspensions don’t apply to open source (as noted here https://twitter.com/natfriedman/status/1155311122137804801)

What Next

At the moment, the GitHub changes don’t come with any direct risks to us. The Slack changes have some risks to our contributor participation. In both cases this has raised a number of questions about how to be certain the project is still able to function despite any nation’s political maneuvers.

This is a very technical set of rules. We’re continuing to research them with people who are experts in the area. As you might expect, since we are a global project, there is a lot of information to gather before making any short or mid-term choices that affect us all. I will update this post with more information when I learn more.

To Do – Josepha

  1. Reach out to other open source CMSes to see if there are already learnings we can benefit from.
  2. Reach out to other OS community leaders to see if they have any insights into how it affects their projects.
  3. Reach out to legal experts for advice.

To Do – Everyone

Regardless of the future solutions for WordPress, one thing everyone can do now is make your concerns known to your local and regional lawmakers. Any advocacy we can do in this short-term moment can have major impacts in the future.