Python Foundation goes ride or DEI, rejects government grant with strings attached

Summary

The Python Software Foundation (PSF) declined a $1.5m grant from the US National Science Foundation (NSF) after discovering restrictive terms that would have barred the organisation from operating any programmes that “advance or promote DEI” (diversity, equity and inclusion) for the duration of the award. The PSF said the restriction would have applied to the whole organisation, not just the work funded by the grant, and included provisions allowing the NSF to claw back funds if the PSF was judged to have violated the rule.

The PSF — a small non-profit with an annual budget of around $5m and about 14 staff — voted unanimously to withdraw its application rather than compromise its mission to support a diverse, international Python community. The funding was intended to bolster PyPI and Python supply-chain security with automated package review and other protections. The Carpentries previously withdrew from a similar NSF award for the same reason. The PSF expressed disappointment but defended its decision as necessary to avoid open-ended financial risk and to uphold inclusivity commitments.

This matters because it is a concrete case of politics and funding rules colliding with open-source security efforts; the Foundation chose principle over cash.

Key Points

  • The NSF offered $1.5m to the PSF to improve Python and PyPI security, including automated package review and supply-chain protections.
  • Grant terms included a prohibition on operating programmes that “advance or promote DEI”, applying to the PSF as a whole, not only the funded work.
  • The NSF reserved the right to claw back funds if the PSF were found in violation, creating significant financial risk for a small charity.
  • The PSF’s board unanimously withdrew the application to avoid undermining its mission to support a diverse, international community.
  • Other organisations (for example, the Carpentries) have also backed away from NSF awards over the same anti-DEI conditions.
  • The PSF said the restriction weakens the NSF’s ability to fund quality research and could harm open-source security efforts.

Context and relevance

This decision sits at the intersection of public funding policy and open-source ecosystem health. The PSF rejecting the grant highlights how policy changes — notably restrictions on DEI-related activities in grant terms — can deter organisations from accepting money intended to improve security. That creates a real risk: fewer resources for package-manager hardening and supply-chain defences at a time when attacks against open-source infrastructure are a growing concern. It also reflects a broader trend of tech and research groups pushing back against politicised funding conditions.

Why should I read this?

Short version: the PSF chose principle over a big pile of cash — and that choice matters if you care about Python, package security or how public policy affects open-source projects. If you’re weary of the politics-but-not-the-results show, this is a neat, real-world example of the trade-offs organisations face. We’ve read it so you don’t have to — but you should know how this could slow down important security fixes for PyPI.

Source

Source: https://go.theregister.com/feed/www.theregister.com/2025/10/27/python_foundation_abandons_15m_nsf/