Personal blog of Yzmir Ramirez

After stating clearly on Friday that he would honor a $95,000 contract with ICE, CEO Barry Crist must have had a change of heart over the weekend. In a blog post this morning he wrote that the company would not be renewing the contract with ICE after all.

“After deep introspection and dialog within Chef, we will not renew our current contracts with ICE and CBP when they expire over the next year. Chef will fulfill our full obligations under the current contracts,” Crist wrote in the blog post.

He also backed off the seemingly firm position he took on Friday on the matter when he told TechCrunch, “It’s something that we spent a lot of time on, and I want to represent that there are portions of [our company] that do not agree with this, but I as a leader of the company, along with the executive team, made a decision that we would honor the contracts and those relationships that were formed and work with them over time,” he said.

Today, he acknowledged that intense feelings inside the company against the contract led to his decision. The contract began in 2015 under the Obama administration and was aimed at modernizing programming approaches at DHS, but over time as ICE family separation and deportation polices have come under fire, there were calls internally (and later externally) to end the contract. “Policies such as family separation and detention did not yet exist [when we started this contract]. While I and others privately opposed this and various other related policies, we did not take a position despite the recommendation of many of our employees. I apologize for this,” he wrote.

Crist also indicated that the company would be donating the revenue from the contracts to organizations that work with people who have been affected by these policies. It’s a similar approach that Salesforce took when 618 of its employees protested a contract the company has with the Customs and Border Patrol (CBP). In response to the protests, Salesforce pledged $1 million to organizations helping affected families.

After a tweet last week exposed the contract, the protests began on social media, and culminated in programmer Seth Vargo removing pieces of open-source code from the repository in protest of the contract in response. The company sounded firmly committed to fulfilling this contract in spite of the calls for action internally and externally, and the widespread backlash it was facing both inside and outside the company.

Vargo told TechCrunch in an interview that he saw this issue in moral terms, “Contrary to Chef’s CEO’s publicly posted response, I do think it is the responsibility of businesses to evaluate how and for what purposes their software is being used, and to follow their moral compass,” he said. Apparently Crist has come around to this point of view. Vargo chose not to comment on the latest development.

On Friday afternoon Chef CEO Barry Crist and CTO Corey Scobie sat down with TechCrunch to defend their contract with ICE after a firestorm on social media called for them to cut ties with the controversial agency. On Sunday, programmer Seth Vargo, the man who removed his open-source components, which contributed to a partial shutdown of Chef’s commercial business for a time last week, responded.

While the Chef executives stated that the company was in fact the owner, Vargo made it clear he owned those pieces and he had every right to remove them from the repository. “Chef (the company) was including a third-party software package that I owned. It was on my personal repository on GitHub and personal namespace on RubyGems,” he said. He believes that gave him the right to remove them.

Chef CTO Corey Scobie did not agree. “Part of the challenge was that [Vargo] actually didn’t have authorization to remove those assets. And the assets were not his to begin with. They were actually created under a time when that particular individual [Vargo] was an employee of Chef. And so therefore, the assets were Chef’s assets, and not his assets to remove,” he said.

Vargo says that simply isn’t true and Chef misunderstands the licensing terms. “No OSI license or employment agreement requires me to continue to maintain code of my personal account(s). They are conflating code ownership (which they can argue they have) over code stewardship,” Vargo told TechCrunch.

As further proof, Vargo added that he has even included detailed instructions in his will on how to deal with the code he owns when he dies. “I want to make it absolutely clear that I didn’t “hack” into Chef or perform any kind of privilege escalation. The code lived in my personal accounts. Had I died on Thursday, the exact same thing would have happened. My will requests all my social media and code accounts be deleted. If I had deleted my GitHub account, the same thing would have happened,” he explained.

Vargo said that Chef actually was in violation of the open-source license when they restored those open-source pieces without putting his name on it. “Chef actually violated the Apache license by removing my name, which they later restored in response to public pressure,” he said.

Scobie admitted that the company did forget to include Vargo’s name on the code, but added it back as soon as they heard about the problem. “In our haste to restore one of the objects, we inadvertently removed a piece of metadata that identified him as the author. We didn’t do that knowingly. It was absolutely a mistake in the process of trying to restore customers and our global customer base service. And as soon as we were notified of it, we reverted that change on this specific object in question,” he said.

Vargo says, as for why he took down the open-source components, he was taking a moral stand against the contract, which dates back to the Obama administration. He also explained that he attempted to contact Chef via multiple channels before taking action. “First, I didn’t know about the history of the contract. I found out via a tweet from @shanley and subsequently verified via the USA spending website. I sent a letter and asked Chef publicly via Twitter to respond multiple times, and I was met with silence. I wanted to know how and why code in my personal repositories was being used with ICE. After no reply for 72 hours, I decided to take action,” he said.

Since then, Chef’s CEO Barry Crist has made it clear he was honoring the contract, which Vargo felt further justified his actions. “Contrary to Chef’s CEO’s publicly posted response, I do think it is the responsibility of businesses to evaluate how and for what purposes their software is being used, and to follow their moral compass,” he said.

Vargo has a long career helping build development tools and contributing to open source. He currently works for Google Cloud. Previous positions include HashiCorp and Chef.