[raziel2p]

If you read this literally, you could get away with leaking state secrets as long as you're visiting a relative while doing it.

Github cannot be expected to reliably differentiate between the coworker who just checked the status of a PR on a webapp versus the employee who opened a crucial piece of encryption code to leak it to the Iranian military or whatever.

[mcguire]

This is an economic sanction against Iran; it has nothing to do with state, or corporate, secrets.

[x86_64Ubuntu]

If that's the case, then the problem isn't Github, but of the organization having Iranian intelligence assets on staff. And the whole idea of the government regulating encryption and it being weaponized is overdone.

[koheripbal]

The above is not law. The law is more detailed. This is a FAQ that should be interpreted in a reasonable fashion, not with an extreme use-case.

[saagarjha]

A spy could also just clone the repo and travel to Iran, too.

[Siira]

Spies can send information from anywhere in the world to anywhere else, so I don’t see how they being in a specific location at all matters.

[hoppla]

I do not see why a geoip filter do not suffice. GitHub should not be the one to interpret the whole complex picture.