For sure I totally see both points to this but from reading the discussion in the issues it looks like there are several very legitimate legal concerns the executives are ignoring to do this. From what I read her objections weren't specific to if this is good or bad for customers, but if it was legal or not. Seems like the legal concerns were just ignored and they decided to move forward without addressing them. I think she even outlines some steps for things they need to do if they plan to move forward but the executive team just rejected the advice completely.
I went through her comments on this topic and found this [1], regarding her specific legal concerns:
> Anticorruption laws prohibit agreements (oral or in writing) that discriminate based on various factors including nationality. The Export Administration Regulations (EAR) requires U.S. persons to "report quarterly requests they have received to take certain actions to comply with, further, or support an unsanctioned foreign boycott." So a customer simply asking to exclude a country that is not prohibited by law could potentially run afoul of the regulations (there are various caveats here but, regardless, we should not sell out diversity, inclusion and compliance for sake of profit). I should also note that under the 1976 Tax Reform Act (TRA), the behavior isn't prohibited but could result in a loss of tax benefits.
So just claims without citations? I know government entities and certain government contractors can require no foreign nationals, and perhaps even non residents?, have access to their data.
Requiring that people living in countries with no effective legal structuring in place preventing government coercion of residents not have access to data seems reasonable in certain contexts. Certainly more so for countries that are also adversarial.
I'd be surprised to find out there were real legal obstacles to this. On the surface it looks like somebody trying to build a case for their personal stance on the situation. Is she their legal council? Was this run by legal council? "Legal has concerns" would have been a power play and I don't see that..
I don't pretend to know whether restricting country of residence counts as discriminating on any of race, national origin, or nationality... but at least at first glance it seems very plausible.
Edit: And according to her linkedin she is a lawyer licensed to practice in (at least) Minnesota, i.e. she is (was) part of "legal".
That seems to mostly focus on declarations of being non-Jewish which is a thing in some countries and the enforcing of a boycott against Israel.
Technically it could be made to apply to employing people in Russia or China but such restrictions are found with some regularity, if they are problematic that does not just affect GitLab but also lots of other companies.
