Sorry for the rant!
But I have heard this kind of FOSS compliance in my org as well.
IMHO this is meaningless.
We should be checking the software for security vulnerabilities and not checking the origin country of the authors.
This goes against the entire value of FOSS software:
1. Anybody can contribute to an open source software.
2. Any contribution would go through vigorous checks purely from a technical perspective, irrespective of country of origin.
3. The more a FOSS software is able to keep the checks and balances in place while still maintaining features, it would attract a better community and larger acceptance.
I understand there are legal reasons for checking authors' country of origin because of trade laws and software export laws.
But, in my mind, the lawmakers need to differentiate between how software is "manufactured" vs other commodities (say cars),
and that is all the more true in this post-pandemic world, where I have contributed from 3 different continents.
Any feedback on what can be done to make the lawmakers understand this?