Businesses Privacy China IT Politics

GitLab Considers Ban On New Hires In China and Russia Due To Espionage Fears (zdnet.com) 41

GitLab is considering blocking new hires from countries such as China and Russia over espionage fears. "There is a general train of thought that both Russian and Chinese intelligence agencies might use the same blueprint and plant agents or coerce GitLab staff into handing over data belonging to western companies," reports ZDNet. An anonymous reader shares an excerpt from the report: Eric Johnson, VP of Engineering at GitLab, said discussions on banning new hires from the two countries began after enterprise customers expressed concerns about the geopolitical climate of the two countries. If approved, the hiring ban will apply to two positions; namely Site Reliability Engineer and Support Engineer, the two positions that handle providing tech support to GitLab's enterprise customers. Johnson said these two support staff positions have full access to customers' data, something that companies had an issue with, especially if tech support staff was to be located in countries like China and Russia, where they could be compromised or coerced by local intelligence services. Johnson said GitLab does not have "a technical way" to support data access permission systems for employees based on their country of origin. "Doing so would also force us to confront the possibility of creating a 'second class of citizens' on certain teams who cannot take part in 100% of their responsibilities," Johnson said.

The new "hiring ban" is not yet final. Open conversations on the topic started last month, and are scheduled to end November 6.
  • And I believe US continues to have formal sanctions against India because it violated the non-proliferation treaty and tested a nuclear weapon.
    • We had formal sanctions dealing with nuclear issues. W removed that. We have been helping India with their nuclear energy, including providing lots of education, and help, on their reactors.
      Sadly, they do not pay full attention. Bringing Windows into a nuclear plant is about as stupid as you can get. 'Blue screams of death' has real meaning for those situations.
      • Use of Windows in life-threatening situations like medical or power has always been a EULA violation.

    • If I were to pick a top five nations that use spies, India wouldn't be in there.

      China, US, Russia, North Korea, Israel ... probably in that order, with Russia ahead if you want to talk about spies-per-capita.

  • Re: (Score:2, Interesting)

    Comment removed based on user account deletion
    • by AHuxley ( 892839 )
      Think back to PRISM. Some big tech brands really, really like to support the US gov.
    • Github originally never took these sorts of rhetorical steps

      What does that have to do with GitLab?

    • by Dutch Gun ( 899105 ) on Monday November 04, 2019 @10:04PM (#59381622)

      I know it's traditional to not RTFA. We've even seen some pioneers not reading the summary. Where can we go from here? That's right. We're not even going to read the article's title! It's a brave new world of not reading Slashdot.

    • by youngone ( 975102 ) on Monday November 04, 2019 @10:13PM (#59381642)

      ...changing your corporate policy to match a federal policy is just corporate desperate virtue-signalling.

      That looks more like a problem with the corruption in your government than any problem with Microsoft.

    • ...but Microsoft, their current owner, has been known for more than 3 decades to pander to Washington in order to curry favour with the party-du-jour.

      It's not "pandering" to recognize that the Chinese government uses every worker in the West essentially as espionage agents, and its policy is to hoover up as much IP from the West as it can from those workers, scientists, and technicians.

    • really when did Microsoft buy Gitlab? or are you so blinded by your hatred and ignorance that you can't even see the obvious?
  • by WindBourne ( 631190 ) on Monday November 04, 2019 @09:38PM (#59381538) Journal
    If they are going to hire Indians, they need to make sure to NOT use the Indian contract companies that hire back in India. Instead, they either need to open a branch in India and control tightly who they hire, OR pick up greencards directly here in the states (and not through Indian contractors), after you have seen their bios.
    One of the most important issues is that a number of Indian coders have actually worked closely with Russia.
    • Yeah, and what is up with the article talking about them compromised by their own intel services? Would the NSA (if you are American) have to blackmail you into working for them, or would they have to ask and write a check? Compromising is what they do in other countries.

  • by Ungrounded Lightning ( 62228 ) on Monday November 04, 2019 @09:58PM (#59381604) Journal

    "There is no cloud. There are only other people's computers."

    • "There is no cloud. There are only other people's computers."

      Often times "other people" are large corporations. And "Computers" are servers with lots of storage capacity. But yeah.

    • That is why I prefer the word hosted over the cloud, it is just some marketing term like Web 2.0.
  • by registrations_suck ( 1075251 ) on Monday November 04, 2019 @10:26PM (#59381694)

    blocking new hires from countries such as China and Russia

    If GitLab is hiring for positions in the U.S. with this policy, then it is in violation of federal law that prohibits hiring discrimination based on national origin.

    However, if it is merely refusing to hire people in those countries to work in those countries, then not so much.

    • by rtb61 ( 674572 )

      Yeah it is pretty much blatant racism and prejudice, they should not even have said it, it looks really bad. Even it is relatively likely, especially with huge growth in tech and quality of life in Russia and China and less motivation to risk life and limb in trigger happy USA.

      Although the US government could simply create security passes for high tech jobs that companies could align with and require employees to obtain and then it is the governments fault.

      M$ are just being dicks though because of course

    • by AHuxley ( 892839 )
      Any of the discrimination changes made to federal law would have the ability to walk away from anything the US gov feels it should.
      No nation has to work with, hire, look after another nation's citizens...
    • blocking new hires from countries such as China and Russia

      If GitLab is hiring for positions in the U.S. with this policy, then it is in violation of federal law that prohibits hiring discrimination based on national origin.

      However, if it is merely refusing to hire people in those countries to work in those countries, then not so much.

      I was going to rant that this is a replica of the Federal hiring policies which have brought us gems like the FBI Russian analyst adverts: https://www.fagain.co.uk/node/... [fagain.co.uk]

      After READING THE ARTICLE, I can't rant. Bummer. What gitlab did is the normal policy and it mirrors similar policies run by nearly all countries, including the Russian themselves. Actual customer support positions referred to in the article are always limited to specific countries and in many cases additional vetting. F.E. you cannot s

  • GitLab is considering blocking new hires from countries such as China and Russia over espionage fears.

    So [dangerous] hackers can only be geographically located in Russia or China?

    No wonder the USA is slowly losing its clout. The Danish just scoffed at the US - going ahead with approving Nord Stream 2 despite all threats the USA threatened...

  • If they believe that simply not hiring in those countries in any way stops them getting infiltrated by everyone from the US government through to Russia then they are bigger fools than I thought.
  • by bool2 ( 1782642 ) on Tuesday November 05, 2019 @03:06AM (#59382276) Homepage
    Why would you host your most sensitive assets on somebody else's computers if they weren't encrypted with keys under your exclusive control? Run a git server in house. Backup to the cloud - encrypted. Take responsibility.
    • by guruevi ( 827432 )

      You can monitor your own employees. If you outsource your services, you typically can't control your contractor's employees. The best thing to do is not to outsource, you can run a local instance of GitLab which I do regularly for 'sensitive' applications.

  • It's so bad it will destroy their country like it destroys our company.
    Oh by the way, we accept pull requests.

  • That's WACIST!
