(no title)

It's not arbitrary banning from foreign countries on your client's request if there's actually good reasons to take precautions with these nation-states.

And why not? They're a private company they can choose to employ whomever they want as long as they're compliant to local labour laws. There's no "due proccess" in business.

"Finally - it actually looks like Gitlab's security practices are truly lacking. That an employee is Chinese/Russian shouldn't be a consideration - the systems should be tight enough to make sure absolutely no-one has access to customer data without consent - and that any actions taken are logged for auditing. Whenever necessary - pass your employees through a background-check. In sensitive (government) scenarios - restrict to employees with government clearance."

Don't improve HR security practices because you're vulnerable in different ways anyways?

If you as a company simply don't trust the government your employees work under, you cannot trust them with sensitive information, even if they're outstanding trustworthy people.