Developers are people. People are the same all over. They have their own feelings and biases and value systems.
In the age of globalism, people emigrate everywhere, or they do not, but make their work globally accessible in multiple languages. What does one do when their work is in use, but trust in the product begins diminishing because of their statements or actions?
Current examples:
1) Russia: This country is now designated as a state sponsor of terrorism. A number of developers have expressed Pro-Putin viewpoints and support the war against Ukraine. They are also highly intelligent and have good software products.
2) China: We have all heard about the Huawei 5G debacle, which resulted in Huawei equipment getting pulled/banned for national security reasons; this includes smartphones. Huawei was also the #1 contributor to the 5.10 Linux kernel.
Right now, we trust that everyone will do the right thing in perpetuity.
Is trust too idealistic in today's world?
Should you buy software from your enemy? Probably unwise.
Does the code contain any decoding of garbled strings, and then make web requests?
Do the Individual Contributors (or Companies) have a history of Theft, Hacking, or Espionage?
Are we putting this software into police or military or infrastructure, and should we look at it 100x more carefully?
Another HN post asked "Why aren't bans transitive" (with the hopes that nobody trades with the bad guys anymore), and I responded "Because soon lifting a Sandwich to your Mouth would be a Criminal Act", and similar logic applies here.
Hell, even our """swift""" TikTok "ban" only affects Federal Employees, and not their teen children or relatives, who actually use TikTok and may still know things that foreign Intelligence wants to know.
I’m not judging their actions. But it took us time to change the code to prevent this behavior.
For front line devs, the answer is to be aware of potential problems and react only when they occur.
Policy makers and security services need to be more proactive, but they shouldn’t be asking Hacker News.
I don't see why you would need to think about it more than that. One citizen of a country is not a representative of their government. So either you discriminate based on political viewpoints, or you don't. There is no moral discrimination.
There are millions of programmers from countries that aren't actively destroying the world. Treating them preferentially is an incentive for countries to behave better.
Think about it. People self-organize into groups (mobs, etc.) and there are "trust bonds" formed there. But those groups - through processes of groupthink or whatever - generate world views which are opposed to those of other groups.
We have labels for them: Red, Blue, Democrat, Republican, and beyond that.
Now, on top of that, we have greed, power worship, and all manner of other human behaviors which infect some groups. Think: US politicians who lose elections then go bonkers to reclaim their losses.
Why concern yourself with "devs"? We're humans (mostly) and suffer all the behavioral norms we see everywhere else. Trust in terms of devs, it seems to me, is a metric you apply through your own lens - your world views, and maybe those of whichever (if any) group to which you belong.
This same principle applies to code. Code is just a form of language and nazis want to use language to do all sorts of problematic stuff like pretend that “Western Culture” is a thing. Any code written by nazis must be deleted.
If you use any code written by Russian nazis who intolerantly fight Ukrainian neo-nazis or genocidal Chinese nazis who mass murder Islamists, then you are a nazi. Burn your laptop, burn To Kill a Mockingbird, burn intolerance and help usher in a new era of authoritarianism where the authoritarians support our warped world view now, so surely they will continue to always act in our interests once we’ve fully eliminated our heteronormative patriarchal “Constitutional Democracy” (which was incidentally drafted by slave-owning nazis).