The Sovereign Tech Agency has named 14 fellows to maintain critical open source projects spanning Rust, Python, the Linux kernel, and the desktop stack. The selection ratio, 14 chosen from 170 applicants, says as much about the funding gap in open source maintenance as the appointments themselves.
The Sovereign Tech Agency, a German government-backed body that funds open source infrastructure, has announced the 2026 cohort of its Sovereign Tech Fellowship. Fourteen people will receive sustained support to maintain projects that sit underneath a large fraction of the software the world runs. The list reads like a tour of the load-bearing walls of modern computing: the Netfilter subsystem in the Linux kernel, CPython, the pandas and Apache Arrow data stack, docs.rs and the Rust toolchain infrastructure, GNOME, FreeBSD, and Git's documentation.
The thesis embedded in this program is quietly radical. Most software economics assumes that value flows toward whoever controls distribution, the application layer, the user relationship. The maintainers of foundational libraries capture almost none of that value despite generating much of it. A package like Pillow, maintained by fellow Hugo van Kemenade, is downloaded three-quarters of a billion times per month. The financial return to the person keeping it secure and functional has historically been close to zero. The Fellowship is an attempt to correct that asymmetry not through licensing changes or donation drives, which have mostly failed to scale, but through direct, targeted funding of individuals.
What the cohort actually tells us
The most revealing number in the announcement is not 14. It is the denominator. The Agency received 20 applications for employee positions and 150 for freelance roles, and accepted two and twelve respectively. That is roughly an eight percent acceptance rate, and the organization is candid that it had "far more highly qualified applicants than we could bring on board." This is the kind of statistic that should worry anyone who depends on open source, which is to say everyone. It implies a deep reservoir of unfunded maintenance work being held together by people who would gladly do it sustainably if the money existed.
The fellows themselves illustrate how thin the staffing often is on projects of enormous reach. Consider Pablo Neira Ayuso, the Netfilter coreteam leader. Netfilter is the packet filtering framework inside the Linux kernel. Its connection tracking subsystem, conntrack, and the nftables flowtables fast datapath he built are running silently inside firewalls, routers, and embedded devices across the planet. The forwarding path he created to bypass the classic route for established TCP and UDP flows is the sort of optimization that improves throughput for millions of machines while remaining invisible to the people who benefit.
The pattern repeats across the cohort. Joris Van den Bossche maintains pandas, GeoPandas, Apache Arrow, and the geospatial libraries Shapely and pyogrio, the tools that a large share of working data scientists touch daily without thinking about who keeps them coherent. Matthias Klumpp maintains AppStream, PackageKit, and the Freedesktop specifications, the machinery that makes software installation on the Linux desktop function as a coherent experience rather than a collection of incompatible package formats. Denis Cornehl leads docs.rs, the service that automatically builds and hosts documentation for every crate published to Rust's package registry.
Three kinds of labor, finally named
What distinguishes the 2026 program from its 2025 pilot is a structural recognition that maintenance is not one job. The Fellowship now funds three categories: maintainers who write and review code, community managers who grow and sustain contributor bases, and technical writers who close documentation gaps. In 2025, every fellow fell into the first bucket.
This expansion matters because the failure modes of open source projects are rarely purely technical. A project dies when its maintainer burns out and no successor has been cultivated, or when its documentation is so opaque that new contributors give up before their first patch lands. Yanina Bellini Saibene, community manager for rOpenSci and a leader in R-Ladies and The Carpentries, will spend her fellowship lowering the barriers to first contributions: rewriting contribution guidelines, running mentored mini-hackathons, and building multilingual training pipelines. That last detail, localization, points at a structural exclusion in open source, where English fluency has functioned as an invisible admission requirement.
The technical writing fellowships are perhaps the clearest acknowledgment that good documentation is engineering, not decoration. Julia Evans, known for years of widely-read blog posts and zines explaining Git and other tools, started contributing to Git's own documentation in 2025 and will now work on clarifying the core commands and building an official beginner's guide. Anyone who has tried to explain the difference between git reset --soft and git reset --hard to a newcomer understands that Git's conceptual model is correct, powerful, and almost adversarially difficult to learn from the existing manual pages. Meanwhile Elio Qoshi, founder of a security-focused design studio, will work on making Sequoia PGP the usability reference point for PGP, attacking the information design problems that have throttled adoption of encrypted email for three decades.
The supply-chain dimension
Several appointments connect directly to software supply-chain security, an area that moved from academic concern to board-level anxiety after incidents like the xz-utils backdoor. Jan Kowalleck, joining as an employee rather than a freelancer, co-leads CycloneDX, one of the two dominant standards for the software bill of materials, the machine-readable inventory of what a piece of software is actually built from. His fellowship work targets the CycloneDX v2.0 specification and deterministic data-model generation for its Python library, the unglamorous plumbing that determines whether SBOM tooling produces consistent, trustworthy output across ecosystems.
The presence of multiple Python core developers, Stan Ulbrych and Hugo van Kemenade, both members of the Python Security Response Team, reinforces the security framing. When the people who triage security vulnerabilities in one of the world's most widely deployed languages are doing so on a volunteer basis, the case for structural funding writes itself.
Implications and the obvious limits
The philosophical wager here is that critical infrastructure deserves treatment closer to a public utility than a hobby. Roads, water systems, and electrical grids are not funded by passing a hat among the people who happen to drive, drink, or plug in appliances. Open source has run on precisely that hat-passing model for decades, and the strain is showing. The Sovereign Tech Agency, funded by Germany's Federal Ministry, represents one government's bet that some open source code has become genuine public infrastructure and should be funded as such.
There are reasons to hold this optimism loosely. Fourteen fellowships, however well chosen, do not close a gap that the eight percent acceptance rate suggests is enormous. The reliance on a single government's budget introduces a dependency and a political fragility that the broader movement should be wary of replicating. And there is an unresolved question about whether short-term fellowships build durable sustainability or merely subsidize a year of work before the underlying economic problem reasserts itself. The Agency's own framing, with its emphasis on peer mentorship and knowledge transfer, suggests awareness of this risk, but awareness is not the same as a solution.
What the 2026 cohort does establish, concretely, is a counter-model to the prevailing assumption that open source maintenance is either free or someone else's problem. The names on this list have been quietly subsidizing the rest of the industry for years through their unpaid labor. Putting them on contracts, even temporary ones, reframes that labor as work worth paying for. Whether other funders, corporate or governmental, follow Germany's lead will determine whether this remains a notable experiment or becomes the start of a sturdier arrangement for the code we have all chosen to depend on. The full cohort and the projects each fellow will work on are detailed on the Sovereign Tech Agency site.
Comments
Please log in or register to join the discussion