
Python Software Foundation withdraws security-related grant proposal

The Python Software Foundation, earlier this year, successfully obtained a $1.5 million grant from the US National Science Foundation "to address structural vulnerabilities in Python and PyPI". The actual grant came with some strings attached, though, in the form of a requirement not to pursue diversity, equity, and inclusion programs. So the Foundation has withdrawn the proposal rather than agree to terms that run counter to its own mission.

We're disappointed to have been put in the position where we had to make this decision, because we believe our proposed project would offer invaluable advances to the Python and greater open source community, protecting millions of PyPI users from attempted supply-chain attacks. The proposed project would create new tools for automated proactive review of all packages uploaded to PyPI, rather than the current process of reactive-only review.



Bravo

Posted Oct 27, 2025 17:07 UTC (Mon) by dskoll (subscriber, #1630) [Link] (7 responses)

It's very sad when granting agencies impose a completely unrelated political agenda on researchers. It's unfortunate that the PSF will lose out on $1.5M, but kudos to them for sticking to their principles.

I don't use Python myself, but I've made a donation to the PSF as a tiny offset to the loss they have incurred.

Bravo

Posted Oct 27, 2025 17:46 UTC (Mon) by 0xilly (guest, #172315) [Link]

100%. I'm not the biggest fan of Python, I'd go as far as to say I actively dislike it, but I just gave them a donation as well.

Bravo

Posted Oct 27, 2025 18:39 UTC (Mon) by jhe (subscriber, #164815) [Link] (3 responses)

I dislike that you threw the "completely unrelated political agenda" stone when none of the things that the NSF now prohibits are related to language programming. Why would the PSF have a conflicting mission in the first place?

Bravo

Posted Oct 27, 2025 19:02 UTC (Mon) by jake (editor, #205) [Link]

> Why would the PSF have a conflicting mission in the first place?

It doesn't, but that does not mean that the PSF can be unconcerned about the possibility that some of its efforts unrelated to the grant may be arbitrarily determined to cross some unwritten "no DEI" rule. A small organization cannot take the risk that funds already spent are clawed back.

Meanwhile, we are keeping a close eye on comments on this item. This is not aimed at "jhe" in particular, but all of the commenters. Please pay close attention to the guidelines in the comment editor before posting.

thanks,

jake

Bravo

Posted Oct 27, 2025 19:32 UTC (Mon) by dskoll (subscriber, #1630) [Link] (1 responses)

Here's the thing: An organization like the PSF might have bylaws or policies that are not directly related to language programming. The NSF should not be considering those things when it decides whether or not to fund an organization, just so long as those bylaws or policies don't actually break the law.

Letting a funding agency dictate unrelated aspects of how an organization is run, especially with the threat of having funding clawed back if the agency decides it doesn't like how the organization ended up being run, is much too high a risk. It's a poison pill.

Bravo

Posted Oct 27, 2025 20:09 UTC (Mon) by pizza (subscriber, #46) [Link]

> NSF should not be considering those things when it decides whether or not to fund an organization, just so long as those bylaws or policies don't actually break the law.

Quite a few organizations only officially instituted DEI (and many other "unrelated to the mission") policies because they were effectively required to do so in order to receive governmental funding (including tax relief). Those were either a direct requirement of the laws that created said funding, or court decisions that produced binding case law (usually stemming from the "equal protection" clause of the 14th Amendment).

It is not an exaggeration to say that this government represents a complete reversal of literally decades of carefully constructed and *heavily* adjudicated policies. It remains to be seen what the courts will ultimately do, but I am saddened to see so many of my rural neighbors cheering the abrupt end of so many programs that their livelihood (and often, entire way of life) is utterly dependent upon.

cutting off their nose

Posted Oct 27, 2025 19:15 UTC (Mon) by EmptyJay (guest, #180039) [Link] (1 responses)

They would rather forgo a million and a half than agree to judge people by their abilities and not by what they look like.

cutting off their nose

Posted Oct 27, 2025 19:16 UTC (Mon) by corbet (editor, #1) [Link]

This comment was only let through moderation after a long internal discussion. It was allowed, despite a (probably willful) misrepresentation of what DEI is about, because we do not believe in trying to suppress points of view.

But it is worth saying that "judge people by their abilities" is exactly what a good DEI program is about — ensuring that all people can bring their abilities, regardless of what they look like or how well they chose their parents.

Anyway, moderation of further discussion will be tight; if you wish to participate, please be sure that you are furthering the discussion in a useful and respectful way.

Confused

Posted Oct 27, 2025 18:38 UTC (Mon) by clugstj (subscriber, #4020) [Link] (4 responses)

I am confused as to how "diversity, equality, and inclusion" programs would address "structural vulnerabilities in Python and PyPI"?

Confused

Posted Oct 27, 2025 18:48 UTC (Mon) by corbet (editor, #1) [Link]

Speaking only for myself, but it seems that going out of their way to ensure they are bringing in developers from the widest talent pool possible would be good for Python in all kinds of ways.

Confused

Posted Oct 27, 2025 18:50 UTC (Mon) by mikapfl (subscriber, #84646) [Link] (1 responses)

Nobody said that
> "diversity, equality, and inclusion" programs would address "structural vulnerabilities in Python and PyPI"

Instead, the PSF says that promoting "diversity, equality, and inclusion" are part of their mission, as well as making Python and PyPI safe. People, and organizations, can have more than one aim at the same time.

Confused

Posted Oct 27, 2025 19:32 UTC (Mon) by Wol (subscriber, #4433) [Link]

Precisely.

Much as I hate all this "inclusivity" crap, I read far too many stories of programming involving cliques, some people actively driving others away, Public School initiation-rite-type behaviour (that's UK Public Schools, not US public schools - completely opposite meaning).

I'd much rather have what I call "positive anti-discrimination", but that's not that much different from "diversity, equality and inclusion". Probably just a different emphasis but targeting the same end (and probably with a slightly different outcome, but not much).

We NEED anti-discrimination programs, so to have grant conditions that forbid that sort of behaviour ...

Cheers,
Wol

Confused

Posted Oct 27, 2025 19:02 UTC (Mon) by excors (subscriber, #95769) [Link]

They wouldn't, but (from the blog post):

> This restriction would apply not only to the security work directly funded by the grant, but to any and all activity of the PSF as a whole.

The US government isn't just choosing not to directly fund "DEI" programs themselves, they're using their control over funding as a way to force companies and universities to eliminate all DEI activity.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.