
The Python Software Foundation (PSF) has taken a principled stand by declining a $1.5 million cybersecurity grant from the U.S. National Science Foundation (NSF), citing terms it considered an unacceptable ethical compromise. The funding, awarded under NSF's Safety, Security, and Privacy of Open Source Ecosystems (Safe-OSE) program, was intended to address supply-chain risk in Python's packaging ecosystem, but it came with a clause prohibiting grant recipients from advancing or promoting diversity, equity, and inclusion (DEI) initiatives.

"The mission of the Python Software Foundation is to promote, protect, and advance the Python programming language, and to support and facilitate the growth of a diverse and international community of Python programmers," the foundation stated, underscoring its non-negotiable commitment to DEI principles.

Security Sacrificed for Principles
The grant would have funded automated malware detection for packages uploaded to PyPI, a pressing need after years of supply-chain attacks that have used the repository to distribute malicious packages. The PSF intended the tooling to be reusable by other registries such as npm and crates.io, benefiting the broader open-source landscape. The sticking point was scope: NSF's requirement that recipients not engage in "advancing or promoting DEI" would have applied to all PSF operations, not only to grant-funded activities, and a violation could have triggered repayment of funds already disbursed. For a non-profit of the PSF's size, that created untenable financial exposure.

Broader Implications for Open Source
This decision follows The Carpentries' rejection of NSF funding in June 2025 under the same terms. It spotlights growing tension between governmental funding conditions and the stated values of open-source communities. With malicious uploads to PyPI continuing to rise, the PSF now faces added urgency to fund packaging security work through memberships, donations, and corporate sponsorships instead.

As open-source infrastructure becomes ever more critical to global technology, this standoff raises a basic question of sustainability: can essential security work be funded without requiring projects to abandon the inclusive ethos they credit for their growth? The PSF's choice puts community integrity ahead of a large and badly needed source of funding, and it will likely shape how other open-source foundations weigh government grants that carry similar conditions.

Source: BleepingComputer