Mattermost CEO here, thanks to @eadmund for the mention, here are some thoughts on the main thread for those interested in Mattermost as an option:
https://github.com/kubernetes/community/issues/8490#issuecom...
Readit Newsit33 commented on Changes to the Kubernetes Slack kubernetes.dev/blog/2025/... · Posted by u/gmemstr
it33 commented on Show HN: Notifico – Open-Source notification server with Email & Slack support notifico.tech/... · Posted by u/GamePad64
Mattermost CEO here, thanks for the mention! Excited to see the integration!
Deleted Comment
it33 commented on Mattermost – open-source platform for secure collaboration github.com/mattermost/mat... · Posted by u/punnerud
-- FWIW: Interviewed here about a year ago - interview process was by far one of the better ones - their community guy Jason was super super kind & their CEO seems to also be a really good human --
Mattermost CEO here, thank you so much, you are very nice!
it33 commented on Mattermost [update: isn't] suspending our licenses because of 'US sanctions' · Posted by u/ntauthority
Hi all, Mattermost CEO here,
We've had administrative error in our compliance automation. If you received an email from compliance@mattermost.com on June 23, 2022 titled "Our limitations due to new United States sanctions" please disregard it.
Ian
Also, I apologize for the confusion this has caused.
it33 commented on Mattermost [update: isn't] suspending our licenses because of 'US sanctions' · Posted by u/ntauthority
> Like many companies we use a 3rd party service to check if someone we’re doing business with a company that has been flagged on export compliance.
Can you elaborate on which service y'all use and what data y'all provide to that service?
Yes, please see: https://news.ycombinator.com/item?id=31852914#31854019
it33 commented on Mattermost [update: isn't] suspending our licenses because of 'US sanctions' · Posted by u/ntauthority
Ian, you might want to clarify that the only thing submitted to the 3rd party service is the company name of the customer and there was no submission of any customer logs.
Some other commenters in this thread think that you log their ip and submit their ip.
Thanks @jsprogram, agree, hopefully this response and links to details help out the folks on this thread: https://news.ycombinator.com/item?id=31852914#31854019
it33 commented on Mattermost [update: isn't] suspending our licenses because of 'US sanctions' · Posted by u/ntauthority
Mattermost CEO here,
Thanks for the question. Like many companies we use a 3rd party service to check if someone we’re doing business with a company that has been flagged on export compliance.
This was more a blanket error than on specific to an account, tweeted about it just now as it’s hit a number of customers: https://twitter.com/iantien/status/1540039939089367040?s=21&...
Hi all,
To answer some of the other questions on this thread, no customer logs nor PII get submitted to the 3rd party service that we use, which is called Descartes: https://www.descartes.com/solutions/global-trade-intelligenc...
We pass name and billing address only.
HN has a lot of people building SaaS and open core companies, so hopefully this thread is a good way to learn about export compliance, which is something we've been doing for many years, though it's gotten extra important in 2022 due to so many new sanctions showing up.
Think of it this way (in a simplified, high level view that doesn't capture all the detail, but intended to share the aesthetic):
1. When you're an early stage company based in the U.S. starting to sell open core licenses or SaaS you typically hire a lawyer to do the legal agreements and help negotiate contracts.
2. If it's a good lawyer, they might talk about "export compliance" and how your company might need to think about doing an assessment on how your product is classified in the context of U.S. export compliance restrictions.
3. If they're a really good lawyer, they may even recommend an export compliance consultant for you to use.
4. After you get your export compliance classification, you're going to need a way to implement the right checks to ensure you're not violating U.S. export compliance laws based on your classification and your customers.
5. You quickly realize you need to buy a tool to do this--not only to check at the time of transaction, but also to alert you if the status of a customer changes (for example, if a customer is added to a list of organizations flagged by public sector organizations).
6. You look at different options, and end up purchasing one and integrating it with your other systems, including Salesforce (sales automation) and Marketo (email automation). In this case, we purchased a subscription to Descartes.
Hopefully that helps share context. Please feel free to ask other questions here.
PS: Here's our ECCN classification for those interested: https://docs.mattermost.com/about/certifications-and-complia...
it33 commented on Mattermost [update: isn't] suspending our licenses because of 'US sanctions' · Posted by u/ntauthority
I think the most interesting part about OP’s story is the question about how did self-hosted solution notify Mattermost server about potential Russian/Belarus connection? Even if the compliance automation was faulty, it’s still interesting how Mattermost found out of a Russian connection at all. (I am assuming this compliance email wasn’t sent out to everyone/larger group of people by mistake, and the OP happened to have a Russian user)
Mattermost CEO here,
Thanks for the question. Like many companies we use a 3rd party service to check if someone we’re doing business with a company that has been flagged on export compliance.
This was more a blanket error than on specific to an account, tweeted about it just now as it’s hit a number of customers: https://twitter.com/iantien/status/1540039939089367040?s=21&...
it33 commented on Mattermost [update: isn't] suspending our licenses because of 'US sanctions' · Posted by u/ntauthority
Hi all, Mattermost CEO here,
We've had administrative error in our compliance automation. If you received an email from compliance@mattermost.com on June 23, 2022 titled "Our limitations due to new United States sanctions" please disregard it.
Ian