I just became aware of what's happening thanks to your post. I do think there is some bigger issue we need to discuss in the Rust community.
There is the practical side of things: "Are there any users that can't participate in the rust code repositories?"
I think the answer is yes to this question:
-
Any person who uses rust commercially, like someone who would have set up a rust company and who interacts with rust repositories "not strictly for personal communications" might see themselves excluded as far as I understand the github policy statements.
-
Anybody who decides to protect their privacy and not disclose their location to github by using vpn's, proxies, tor or other means is potentially at risk of getting their account suspended without prior notice. The github policy states that people in affected countries are not allowed to do this, but since people who do this don't disclose their location, I suppose all of those are at risk.
-
The Github policy also has:
Specially Designated Nationals (SDNs) and other denied or blocked parties under U.S. and other applicable law are prohibited from accessing or using GitHub.com.
That means that anyone can potentially face being totally excluded based on government decision without prior notice. Many western governments like to classify all radical political opposition as "terrorism", so this can affect more people than you might think.
But even if the answer to that question was "no". There is also the political question. Rust is a community. A subset of the open source community. Github claims to be an open source community.
In my opinion a community has to uphold values, and protect them from individuals, but more so from companies and governments that want to infringe those values. My values clearly include solidarity with people in the above mentioned categories, as well as solidarity beyond the "practical" issues. I will go into a bit more detail what that means below.
In this light, given recent events, I find Github proven not to be apt to host communities in which I take part. I find a US based company who will have to abide with disgraceful US foreign laws not to be safe place for communities to depend on.
Not only is doing business in the US a liability as far as political values go, further more Github has shown a complete spineless compliance with the US government and hasn't even tried in the least to resist or protect their users, whether through public or legal action. It's shown it's political values have nothing in common with other groups that even while in the US, fight back on this kind of politics, (im thinking the Electronic Frontier Foundation, riseup.net, and all others that fight along their side).
It can be noted that we all, rust community and many other open source projects/developers have become way to much dependent on a company like Github which in my opinion does not share and will not fight for our values.
I would like to propose that:
- we work out a roadmap for reducing dependence on Github and US companies (yes, Mozilla is one of those). I can immediately think of some practical goals that are within reach:
- making sure that data we host is outside of the US, on servers from a company that does not have to abide by US law (crates.io)
- services provided by the rust community should not require a Github account. (crates.io)
- Move Rust repositories into a safer place. The whole point of open source development is that it is a community. This community is made possible by technical means. If rust developers of affected countries and those showing active solidarity with them have to move to self hosted solutions, they will be marginalized unless the rust community as a hole joins in this solidarity. I will personally move my projects away from github, but if I set up a self hosted solution which would require people to make an account on my server in order to file issues, PR, ... I will be marginalized and see less contributions. If we want to be a community that carries values of solidarity, we will need a platform where we can all host our repositories safe from US foreign policies, which for me implies a move of the rust core repositories to a self hosted solution.
So for me active solidarity is putting the values of inclusion above the material cost for achieving them. It will be a lot of work to move everything away from github, and the argument against it will be a practical one. We are at risk of saying "the practical consequences of the current situation are limited, but it will be expensive to mitigate them". I think it's a slippery slope. What if other countries (like Russia and China) become included in the ban? How many people will that affect? Are we going to accept them being gradually sliced of our community as long as they are a small minority?
For me active solidarity is also being pro-active and making decisions with the future in mind. Creating a community that is welcoming is also creating a community that is resistant against such government interference, otherwise we create a safe haven only for a comfortable majority of people that live in western countries, benefit from financial and material privilege already and "have nothing to hide".
Another aspect of active solidarity is the public statement. By staying with github, we continue to affirm that Github is "the place to be", that if you want participate you will need an account there and that you will have to be accepted by the US Government. Creating alternatives is a statement that values of inclusion are important enough to us that we are willing to pay the material cost, and it is reducing dependence on Github and the US in general, opening a brighter future.
I'm sorry if this post isn't very well written. I'm a bit to emotional about what I just learned. I hope it's clear enough to get the key points across.