Skip to content
DevMeme
5805 of 7435
Open Source Ideals Clash with Corporate Export Policies on GitHub
OpenSource Post #6360, on Nov 7, 2024 in TG

Open Source Ideals Clash with Corporate Export Policies on GitHub

Why is this OpenSource meme funny?

Level 1: Not Everyone Can Play

Imagine you and your friends are building a big sandcastle together at the beach. Everyone is invited to help, and there’s even a sign that says, “All kids welcome, no matter who or where you’re from.” You’re all excited, sharing tools and ideas to make the coolest sandcastle ever.

Now picture a parent who is sponsoring the sandcastle project coming over and suddenly saying, “Wait, one of you isn’t allowed to help build because of where you come from.” They point to one kid and say that because of a rule from their workplace or the government, that kid can’t join in the building. Even though that kid was ready to help and had a great idea for a new tower, they’re stopped from contributing. The rest of you are confused and upset because the sign said everyone could play. It feels unfair — that kid didn’t do anything wrong, but a grown-up rule is keeping them out.

Now the fun project isn’t so fun; it’s become about dealing with this unfair rule. The other kids start reacting: some show support for the excluded friend (imagine giving a thumbs-up or a heart to the friend who speaks up and says “This isn’t right!”). The whole situation is like your inclusive playground promise got broken by an outside law. It feels wrong because the group had promised that everyone gets to help build the sandcastle, and now suddenly not everyone can. The reason isn’t about how good they are at building — it’s just about where they come from, which they can’t change. That’s why the kids are upset and why this scenario seems so unfun and unfair. It’s a simple playtime project caught up in a grown-up rule, and it breaks the promise that everyone can play together.

Level 2: Open Source with Strings Attached

On GitHub, a Pull Request (PR) is how developers propose changes to a project’s code. Think of it as saying, “Hey, I made some improvements – can we add my changes into the main codebase?” In this meme’s screenshot, a user named asakaev opened a PR titled “Add Flux.unfold”. That means asakaev wrote some new code (likely a new feature in the Spring Reactor library) and wanted the project maintainers to merge it into the main branch (reactor:main). Normally, maintainers review the code, maybe ask for tweaks, and then merge it if everything looks good. But here, the PR shows a red “Closed” badge almost immediately, meaning it was rejected outright, without the usual back-and-forth about the code itself.

Why was it rejected? Not because the code had bugs – there’s no mention of any technical issue. Instead, the maintainer mminella gave a surprising reason: since the project is overseen by Broadcom (a big US tech company), they “are unable to accept contributions from Russian sources due to Broadcom export policy at this time.” In simpler terms: Broadcom has a rule that says “we can’t take code contributions from Russia right now,” and because Broadcom is in charge of this open-source project, that rule had to be followed. The maintainer even added, “Thanks for your continued use of Spring,” basically telling the contributor: “You can still use our software, but we can’t accept your code changes.”

This is a very unusual situation for an open-source contribution. Normally, open source projects pride themselves on being open to anyone’s input, no matter where that person is from, as long as the contribution is good. It’s not common to see CorporatePolicy and legal rules come up in a casual GitHub discussion with a community contributor. But here we have exactly that — a company rule interfering with a code collaboration. Broadcom’s “export policy” is basically a legal precaution. Companies in the U.S. have to obey export laws and sanctions. “Export” in this context isn’t just about shipping physical goods; it can include sharing software or technology with people in other countries. If a country is under strict sanctions (like Russia currently is, due to international conflicts and regulations), U.S. companies might be barred or frightened from collaborating with individuals in that country in certain ways. Broadcom’s legal team likely instructed all their teams, “Don’t accept contributions from developers in those regions for now,” to avoid any chance of breaking the law.

Enter LashaDev, another contributor who saw this and felt it was wrong. LashaDev left a comment (as shown in the screenshot) basically asking for clarification and challenging the decision. They said, in essence: “If someone not from Russia submitted the same code, would you have accepted it? It looks like you rejected this just because the contributor is Russian. That sounds pretty questionable. Is that even legal? And can you still call this project ‘open source’ if you do that, or is it just open source in name while actually only accepting free work that fits Broadcom’s rules?” LashaDev then pointed to the project’s own Code of Conduct, known as the Contributor Covenant.

The Contributor Covenant Code of Conduct is a document that many open source projects use to set the ground rules for participant behavior and inclusivity. It basically says the community is committed to providing a friendly, safe, and welcoming environment for everyone, regardless of personal characteristics like age, gender, ethnicity, nationality, etc. LashaDev quoted the part of this Covenant that mentions nationality, reminding the maintainer that the project promised not to discriminate based on where someone is from. In other words, the project’s rules say “we won’t treat you differently because of your nationality,” yet the PR was declined because of the contributor’s nationality. That’s a blatant contradiction.

All of this turned a simple code contribution into a discussion about fairness and rules. If you’re a newcomer to open source, this might be pretty confusing. Open source is supposed to mean that anyone can contribute from anywhere in the world, as long as they follow the project guidelines. It’s one of the cool things about the developer community – you can have people from all over the globe working together on a project. But here we have a case where a contributor was told no because of where they’re from, not because of what they contributed. Naturally, people are asking: “Is this project really open to everyone, or are there hidden gatekeepers?”

To break down some of the key elements here:

  • Broadcom: A large American technology company. They make semiconductors (computer chips) and have also acquired software companies (like CA Technologies and, in progress, VMware which owns Spring). If a project is “stewarded by Broadcom,” it means Broadcom sponsors it and has employees managing it. So, Broadcom’s policies and decisions heavily influence the project.
  • Export policy: Companies have export policies to comply with laws about exporting goods and technology. If there are sanctions against a country, a company’s export policy might say “we can’t do certain types of work with that country.” In this case, Broadcom’s policy says they can’t accept contributions (which is like collaborative work) from developers in Russia, presumably because of U.S. sanctions on Russia.
  • Spring / Spring Reactor: Spring is a popular open-source framework for building Java applications. Reactor is a part of Spring’s ecosystem (for reactive programming). Originally, Spring was maintained by a smaller company (Pivotal) and then VMware. Now, by extension of VMware being acquired, Broadcom is in charge. So an open-source project that used to be community-driven now has this big corporation in the picture.
  • Contributor Covenant Code of Conduct: A standard set of community rules adopted by many open source projects to ensure everyone feels welcome and is treated fairly. It explicitly says project maintainers should not discriminate against contributors for things like nationality, among many other attributes. It’s essentially a pledge of inclusivity.

What happened in this PR is a collision between open-source community values and corporate legal requirements. The community value (as reflected in the Code of Conduct) is inclusivity: anyone can contribute regardless of nationality. The corporate requirement (Broadcom’s export rule) is exclusivity in this case: excluding contributions from a specific country (Russia). LashaDev’s comment and the subsequent debate are all about this conflict. They’re questioning whether an open-source project can call itself “open” if contributions are filtered by the contributor’s country of origin.

The reactions we see (little emoji hearts and thumbs-ups on LashaDev’s comment) indicate that many in the community agree with LashaDev. They too feel something isn’t right or fair here. This has ignited a conversation about what it means to be an open-source project under the umbrella of a corporation. Usually, when you hear “open source,” you think of community-driven efforts, global collaboration, and merit-based contribution. This incident is forcing people to consider that when a company is in control, its compliance rules might put strings attached to that openness.

For a junior developer or someone new to this space, it’s a bit of a wake-up call. It shows that not all “open source” is the same: some projects are truly independent, and others are tied to big companies that might have their own constraints. It also highlights why governance and policies are important topics in open source. If rules like this exist, they ideally should be transparent so contributors know about them upfront. In this case, it appears out of the blue, which is why it caused a stir. The big takeaway is that while open source aims to be borderless and inclusive, real-world issues like geopolitics can creep in when corporations are involved, creating a tricky situation that the community and maintainers need to navigate carefully.

In open source, we say show me the code, not your passport. But here, a seemingly routine GitHub pull request ran into a geopolitical roadblock. The project maintainer closed PR #3897 not for a bug or failing tests, but purely because of the contributor’s nationality. The official comment reads like it was drafted by a lawyer rather than a fellow developer:

Thank you for this contribution. Unfortunately, as a project stewarded by Broadcom, we are unable to accept contributions from Russian sources due to Broadcom export policy at this time. Thanks for your continued use of Spring.

No syntax errors or failing CI pipeline here – just a human sanctions check. It’s as if the repository had an invisible rule: “if contributor.country == 'Russia', then reject.” We could imagine some pseudo-code enforcing this new merge blocker:

# Hypothetical compliance check
if contributor.country == "Russia":
    raise ExportComplianceError("Contribution blocked by export policy")

This kind of rejection is virtually unheard of in normal open-source collaboration. Instead of a typical code review, the PR was shut down by a CorporatePolicy edict. Seasoned devs find a dark irony in this: we expect merge conflicts in code, not in international politics. In other words, the code itself was fine – it was the contributor’s passport that failed validation.

Not surprisingly, the community was quick to react. Another contributor, LashaDev, openly challenged the decision. LashaDev’s comment (shown in the grey box) essentially says: “Wait, isn’t this against our project’s principles?” It directly questions the maintainer’s action:

LashaDev: “If someone else (not from Russia) opens the same PR – do you accept it? So you decided to decline this just based on the contributor’s ethnicity/nationality. Sounds weird. How do you find this even legal? Is it still ‘open source’... or just free work for Broadcom/whatever?”

LashaDev then pointed to the project’s own Contributor Covenant Code of Conduct, reminding everyone that it explicitly forbids excluding people based on nationality. They quoted the text that all community members agreed to:

We as members, contributors, and leaders pledge to make participation in this project and our community a harassment-free experience for everyone, regardless of nationality, ...

It’s written plainly: the project pledges to be open and welcoming regardless of nationality. Yet here a contribution was rejected solely because the developer is Russian. This stark contradiction is the crux of the debate. The maintainer’s corporate-mandated action appears to violate the very inclusivity principles the community signed up for. That’s why LashaDev and others are alarmed – it feels like the open door of open source just had an arbitrary “No Entry” sign hung on it for one group.

You can sense the tension through the reactions: ❤️ and 👍 on LashaDev’s post show many agree with calling this out. It’s a real-life example of open source governance problems: the community’s values vs. corporate rules. Developers are asking, “Is this project truly open to all, or are there hidden conditions?” The phrase “Thanks for your continued use of Spring” especially rubs salt in the wound. It sounds like, “We won’t accept your help, but please keep using our product.” Ouch. That comes across as condescending and telling – as if the company views the community as users, but not as equals when it comes to contributions.

So why would Broadcom impose a ban on Russian contributions at all? It boils down to legal compliance. Broadcom is a large U.S.-based tech company, and U.S. export laws currently have strict sanctions related to Russia. Broadcom’s lawyers likely decided that accepting code from “Russian sources” could count as providing a service or technology transfer to a sanctioned region, risking a violation. In a corporate environment, avoiding multi-million-dollar penalties or legal trouble is a big priority. Thus, an internal Broadcom export policy was put in place saying, effectively, “for now, we can’t integrate contributions from certain countries.” When they say the project is “stewarded by Broadcom,” it means the company oversees it, so the maintainer (probably a Broadcom employee) had to enforce that policy in the open.

For veteran open-source developers, this scenario is both absurd and unsettling. Absurd, because open source has always been a global free-for-all — code doesn’t care where you’re from. Unsettling, because it isn’t the first time politics have tangled with programming. Back in the 1990s “crypto wars,” the US treated strong encryption software as a munition, making it illegal to export. Developers literally printed encryption code in books and on T-shirts as a workaround to share it internationally. Seeing a modern GitHub contribution hit a similar wall feels like a time warp. It reminds us that even today, code can become collateral damage in geopolitical disputes.

Ultimately, this meme captures a geopolitics_in_oss moment: global politics colliding with collaborative software development. It highlights a rift between open-source ideals and corporate realities. On one side, the inclusive philosophy says anyone, anywhere can contribute purely on merit. On the other side, a corporation’s risk-aversion says “not everyone can contribute, after all.” Experienced devs might chuckle at the ironic notion of a CI pipeline doing passport checks — but it’s a nervous laugh. There’s an underlying concern: if open-source projects start enforcing national or political boundaries, what does that mean for the future of our global developer community? In this case, the Contributor Covenant’s promise of diversity and inclusion ran headfirst into a company’s export restrictions. The fallout is a community questioning whether the project is governed by open principles or by a corporate handbook. It’s a serious issue presented in meme form, making us reflect and cringe at the same time. We’re laughing a bit, but it’s the kind of laugh that comes with an uneasy feeling that something fundamental in our tech culture just got challenged.

Description

This is a screenshot of a GitHub pull request discussion, displaying a conflict between open source principles and corporate policy. The top of the image shows a closed pull request titled "Add Flux.unfold #3897". The first comment is from a user named 'mminella', who states that as a project stewarded by Broadcom, they cannot accept contributions from 'Russian sources' due to the company's export policy. Below this, another user, 'LashaDev', expresses confusion and challenges the decision. They question if the rejection is based on the contributor's nationality, which would contradict the project's 'Contributor Covenant Code of Conduct'. LashaDev quotes a section of the code of conduct emphasizing a harassment-free experience for everyone, regardless of nationality, and then asks 'mminella' to clarify the policy and the term 'Russian sources'. The image captures a real-world dilemma where the global, collaborative nature of open-source software development collides with legal and geopolitical restrictions imposed by corporate stewards, in this case, Broadcom, likely in response to international sanctions

Comments

7
Anonymous ★ Top Pick I guess 'permissionless innovation' has a new gatekeeper: the corporate legal department. Your PR is not merged pending a full OFAC review
  1. Anonymous ★ Top Pick

    I guess 'permissionless innovation' has a new gatekeeper: the corporate legal department. Your PR is not merged pending a full OFAC review

  2. Anonymous

    CI summary: Build ✅ Tests ✅ CodeQL ✅ Contributor Covenant ✅ OFAC Compliance ❌ - turns out the hardest part of distributed systems is distributing patches across embargo lines

  3. Anonymous

    When your open source project's inclusivity statement collides with export control laws, and suddenly you're explaining why your code accepts everyone except those whose commits might violate ITAR regulations

  4. Anonymous

    When your pull request gets rejected not because of failing tests, merge conflicts, or code quality issues, but because of your passport. Turns out 'works on my machine' has evolved into 'works in my jurisdiction.' Who knew that after decades of open source preaching borderless collaboration, the biggest blocker wouldn't be technical debt but export compliance? At least now we know what 'enterprise-grade' really means: geopolitically-aware CI/CD pipelines that check your IP address before your code quality

  5. Anonymous

    Flux PR meets ultimate backpressure: not from publishers, but Broadcom's export controls

  6. Anonymous

    Open source in 2025: CI stages are lint, tests, license scan, and OFAC - green code, red passport; turns out the hardest dependency to upgrade is your jurisdiction

  7. Anonymous

    Modern PR pipeline: lint ✅, tests ✅, SAST ✅, CLA/DCO ✅, OFAC ❌ - merge blocked with a polite “Thanks for your continued use,” a.k.a. HTTP 403 for humans

Use J and K for navigation