Last week, United States export sanctions against countries like Iran caught the attention of the decentralized web community. As many may be aware, the current US administration is embroiled in trade/sanction war with many countries, including Iran. The side-effects of the export sanctions is that United States companies making software cannot make that software available to those in sanctioned countries. And GitHub, being an American company, has been forced to comply with said sanctions. That means developers in Iran, among other countries, were suddenly locked out of their repositories, unable to clone, pull, push, or get archival copies. It sucks. It's shitty. But it's also not GitHub's fault.

Those in the decentralized web space, myself included, believe people should be able to access software without being blocked. However, software being offered under a company umbrella must comply with the regulations of the country in which the company operates. And that may be where my outlook on all of this forks away from most of the rest of the DWeb community.

GitHub is not decentralized. It's not a DAO (decentralized autonomous organization). It is a centralized company that offers servers and database storage for code repositories. It does so for a profit, and it does so now under the Microsoft banner. Those using GitHub use it (hoepfully) knowing full well that the company must comply with United States law. This isn't a privacy policy problem where the actual intentions and use of private data are often obfuscated. This is a political problem that, if you are using the software personally or (especially) for a company you work with, you have the burden of understanding what could happen to your work should you use the software.

Perhaps the confusion and outcry here is coming from two angles:

One, it's easy to argue that many sanctions imposed by the current United States administration are misguided at best and flat-out malicious at worst. Two, Git, the underlying protocol to GitHub, is, in fact, decentralized.

Those two points have seemingly led to a massive outcry on Twitter, much of the anger directed at GitHub itself. GitHub has no choice in the matter. If you make software, even if that software uses decentralized protocols (like Graphite, for example), and you are based in the United States, you must comply with US import/export regulations.

There are ways around this problem, of course. You can make your code available for free for anyone to run and use (though even this can be a violation of export regulations). You can go completely decentralized (the DAO model I mentioned earlier). You can also form your company outside of the United States, but you will likely run into similar regulations just about anywhere. The better solution is for the users of software, those especially entrenched in the decentralized web space, to understand that decentralization at its core and most pure means not relying on any company or organization. And thus, if you believe there should be a decentralized GitHub, well, there are already plenty. But people choose not to use them. They choose the convenience of easy code access and sharing. And that's OK. That's normal. There is a place where convenience and decentralization can meet and mingle. I believe Graphite sits in the middle of that place.

But it will always be the responsibility of those using a company's software (by choice) to understand what the possible ramifications may be of that use. You can't always predict what US regulations will touch, and if that's a serious concern for you, your best bet is to not use US-based software, as difficult as that may be.

It sucks that people in multiple countries were locked out without warning, but this should be a rally cry for those folks to use truly decentralized alternatives. GitHub is not decentralized, nor does it claim to be.