Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It was unreasonable.

1. You can build systems in a way that every access is strictly logged and audited.

2. Many companies like Facebook or Google employ engineers who could be possibly spying for Russia or China. But the systems and trust models are designed with this in mind.

Here we see unrestricted access to user data, not even sure there’s audit logging in place.



You can but most don't, even Twitter size, that's the lesson. And audit doesn't protect from leakage.

Please note, I'm not saying Gitlab response was appropriate, I totally agree with your second point. I'm saying the demand was genuine.


Google or Facebook employees in China do not have access to overseas data.

Gitlab doesn’t really serve China and has no need for support engineers with in China.


Correct, they do not have overseas data (at least in China).

However, GitLab's restriction also prevented them from employees moving to China as well. Many companies employ people in Asia/Europe timezones as a night-time on-call engineers and support.

Not to mention, the list (China, Russia) is a list of countries made up by GitLab, with no particular backing that's officially recognized by any particular government or organization, which makes the situation discriminatory.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: