This March 23 update builds on our prior reports and summarizes steps that we’ve taken since our last update, on March 4:
- Microsoft has now committed over $35 million to support humanitarian assistance and relief efforts for Ukraine. This includes more than $18 million worth of Microsoft technology to help organizations such as the Polish Humanitarian Action respond to critical needs and others providing services on the ground.
- Microsoft employee donations are being matched by the company 2:1, resulting in more than $13.5 million raised to date in support of organizations working both within Ukraine and supporting refugees who have fled to neighboring countries.
As the global response to the tragedies in Ukraine and other impacted regions continues to evolve, I wanted to share with our community an expansion of the message that I shared earlier this week with our Hubbers.
GitHub is united with the people of Ukraine and the international community in condemning these horrific acts of violence against a sovereign nation and its people. We continue to monitor the events in Europe surrounding the unlawful Russian military invasion of Ukraine.
We care deeply about our global community, and many of us have loved ones all over the world, including in Ukraine, Russia, and other impacted regions.
I grew up in East Germany during the Cold War, and I remember the happiness and optimism in the early 1990s that the world would come closer together. What we are witnessing now is something I never wanted to see again.
This appeal form requires the individual to certify that they do not use their GitHub account on behalf of a sanctioned entity. A developer posted to Twitter saying that he could remove the suspension after filling out the form and that it was due to his previous employer being sanctioned.
A GitHub blog post in March had promised to ensure the availability of open source services “to all, including developers in Russia.”
A GitHub spokesperson explained this weekend that GitHub may be required to restrict some users to comply with US laws.
“We examine government sanctions thoroughly to be certain that users and customers are not impacted beyond what is required by law.”
This means suspended private accounts are either affiliated, collaborating, or working with/for sanctioned entities.
We lost valuable contributions, information, context, and discussion history on issues and pull requests. We even lost pull requests that were open and under active review.
That work is now entirely lost. Gone forever. For pull requests that did merge, we have the raw commit history — but that is not a substitute for a full code review and discussion.* * *
It’s hard enough to maintain open source projects. It’s even harder to inherit an old, somewhat neglected project and try to get it back on track.
In that scenario, every single pull request, issue, and comment is important for the long-term maintenance and success of the project. Comments, discussions, and code reviews provide valuable context that is not always captured in the commit history — especially for open source projects that have cycled through multiple maintainers over the years.
On a service like Twitter, you can visit the placeholder profile of a suspended account and see a message communicating that the account is suspended, and other users’ @mentions of the account still link to the suspended account’s profile. On GitHub, that’s not how it works at all.
Apparently, “suspending an account” on GitHub actually means deleting all activity for a user — which results in (1) every pull request from the suspended account being deleted, (2) every issue opened by the suspended account being deleted, (3) every comment or discussion from the suspended account being deleted.
In effect, the user’s entire activity and history is evaporated. All of this valuable data is lost. The only thing left intact is the raw Git commit history.
According to various reports (, , , ), GitHub is suspending accounts of Russian developers and organizations linked to or associated with organizations sanctioned by the US government over Russia’s invasion of Ukraine.
It is unclear to me what GitHub’s intended result was with these account suspensions, but it appears to be incredibly destructive for any open source project that has interacted with a now-suspended account. On a service like Twitter, you can visit the placeholder profile of a suspended account and see a message communicating that the account is suspended, and other users’ @mentions of the account still link to the suspended account’s profile.
Since the war began, we have acted against Russian positioning, destructive or disruptive measures against more than 20 Ukrainian government, IT and financial sector organizations. We have also acted against cyberattacks targeting several additional civilian sites.
We have publicly raised our concerns that these attacks against civilians violate the Geneva Convention.
We are also continuing to mobilize our resources to help the people in Ukraine.
Russian flagships spontaneously combust, claim the ban began on April 13 and didn’t discriminate between companies and individuals.
The GitHub accounts of Sberbank Technology, Sberbank AI Lab, and the Alfa Bank Laboratory had their code repositories initially disabled and are now removed from the platform.
Personal accounts suspended on GitHub have their content wiped while all repositories become immediately out of reach, and the same applies to issues and pull requests.
Habr.com reports that some Russian developers contacted GitHub about the suspension and received an email titled ‘GitHub and Trade Controls’ that explained their account was disabled due to US sanctions.
This email contains a link to a GitHub page explaining the company’s policies regarding sanctions and trade controls, which explains how a user can appeal their suspension.
User profiles are also restored, though they do not specifically mention that the accounts are suspended.
According to him, the only mechanism GitHub previously had to suspend accounts was built to target spammers and other malicious actors — scenarios in which, usually, the best thing to is make the accounts and all activity entirely disappear. Clearly, that was not appropriate in this case. I really appreciate Martin contacting me and helping push for a better solution to this internally at GitHub.
I still disagree with punishing ordinary individuals for atrocities perpetrated by The Russian State (and all States, for that matter), but I suppose most US corporations have little choice but to concede to governmental pressure.
Despite Github saying they will continue to offer open source services “to all, including developers in Russia”, some Russian developers got suspended from GitHub without warning.
According to Russian media outlets, starting on April 13 Github started banning Russian companies and individual developers alike, with no warning.
Russia’s Big Brain Drain: IT Workers Are “Grabbing Their Things And Literally Driving to Kazakhstan” To Escape Sanctions
“For example, the GitHub accounts of Sberbank Technology, Sberbank AI Lab, and the Alfa Bank Laboratory had their code repositories initially disabled and are now removed from the platform….
Russia’s access to technologies and other items it needs to sustain its aggressive military capabilities. Additionally, any government takedown notices we process are publicly posted because we believe that transparency is essential to good governance.
Understandably, our community has had strong reactions to the conflict in Ukraine during this particularly stressful time.
We are enforcing our Acceptable Use Policies and Community Guidelines to make GitHub safe for everyone. If you observe behavior that represents a potential violation of our Acceptable Use Policies or Community Guidelines, please report it.
The Community and Product Operations teams are monitoring conversations in our forums and making assessments that abide by our codes of conduct for community forum and public feedback.