The Python Software Foundation (PSF) has rejected a $1.5 million government grant due to restrictive conditions that would force the foundation to betray its mission and its community, the programming non-profit announced on Monday.
“In January 2025, the PSF submitted a proposal to the US government National Science Foundation [NSF] under the Safety, Security, and Privacy of Open Source Ecosystems program to address structural vulnerabilities in Python and PyPI,” Loren Crary, PSF’s deputy executive director, explained.
“The proposed project would create new tools for automated proactive review of all packages uploaded to PyPI, rather than the current process of reactive-only review. These novel tools would rely on capability analysis, designed based on a dataset of known malware. Beyond just protecting PyPI users, the outputs of this work could be transferable for all open source software package registries, such as NPM and Crates.io, improving security across multiple open source ecosystems.”
Part of the grant would also have gone toward supporting the foundation’s day-to-day operations.
Unfortunately, after having had the proposal accepted, they were presented with terms and conditions that would prevent them from operating any programs that advance or promote DEI (diversity, equity, and inclusion) “during the term of [the] financial assistance award”.
This restriction would apply to all PSF activity and, if violated, would result in the NSF taking back the transferred (and potentially already spent) funds, Crary explained.
In view of this and the fact that the Python Software Foundation’s mission is “to promote, protect, and advance the Python programming language, and to support and facilitate the growth of a diverse and international community of Python programmers,” the foundation’s Board has voted unanimously to withdraw the application.
The move is not unprecedented: earlier this year, The Carpentries non-profit, which teaches coding and data science skills to researchers worldwide, made the same choice, for the same reason.
The Python Software Foundation hopes to raise part or (ideally) the entire sum from the programming community, via donations and sponsorships, and through other grants.
