Gitlab, international sanctions and Ukraine
Funny. As it often happens in US and UK corporations, Ukraine gets blacklisted or otherwise suffers due to international sanctions.
The way this works is simple: some corporate idiot looks at international sanctions guideline where typically Russia, Crimea, North Korea etc are listed.
When some Ukrainian person or entity gets mentioned they check the guideline and find out that Crimea is part of Ukraine. To be on the safe side they include whole Ukraine into blacklist.
I’ve used to spend hours on calls and e-mails with UK banks to fight through this when sending payments to Ukrainian staff.
Moreover there is annoying practice to outsource compliance to a 3rd party introducing even more obscurity and pain for the customers into process. In my experience with HSBC bank, for example, they would just randomly put some payment or all our payments to Ukraine on hold and then send us an e-mail with same questions such as this person based in Crimea etc. Even having a dedicated business manager didn’t help. I would answer same questions again and again confirming for 10th time such and such is not based in Crimea or Russia, that the person lives in Kharkiv Ukraine, that they export IT services etc. Next month same process would repeat and they weren’t able to apply our answers from the month before because “it’s a separate team” to which our manager has no access.
Same thinking has resulted recently in Gitlab excluding Ukrainian engineers from their hiring plans, with China and Russia also blacklisted.
Dmitriy Zaporozhets (Gitlab founder, originally from Kharkiv Ukraine) had to personally intervene. The excuse put there was that Ukraine is allegedly in top 5 sources of cyber crime countries. When Dmitriy asked for supporting data it turned out that’s actually not true. At the same time it was discovered that Ukraine is in top 10 countries being targeted with cyber crime attacks however.

As result Ukraine has been removed from the list, with China and Russia staying.
Full discussion links below.
Infrastructure department ticket:
Support department ticket:
Security department ticket:
As a conclusion. Don’t be that guy simply forbidding stuff (and whole countries) just because you don’t bother to do a bit of research. That causes a lot of pain, suffering, time wasted and is simply not cool.
