Python Foundation Goes Ride Or Dei, Rejects Government Grant With Stringsattached

The Python Software Foundation (PSF) has walked away from a $1.5 million government grant and you can blame the Trump administration’s war on woke for effectively weakening some open source security. 

The programming non-profit’s deputy executive director Loren Crary said in a blog post today that the National Science Founation (NSF) had offered $1.5 million to address structural vulnerabilities in Python and the Python Package Index (PyPI), but the Foundation quickly became dispirited with the terms of the grant it would have to follow. 

“These terms included affirming the statement that we ‘do not, and will not during the term of this financial assistance award, operate any programs that advance or promote DEI [diversity, equity, and inclusion], or discriminatory equity ideology in violation of Federal anti-discrimination laws,'” Crary noted. “This restriction would apply not only to the security work directly funded by the grant, but to any and all activity of the PSF as a whole.”

To make matters worse, the terms included a provision that if the PSF was found to have voilated that anti-DEI diktat, the NSF reserved the right to claw back any previously disbursed funds, Crary explained. 

“This would create a situation where money we’d already spent could be taken back, which would be an enormous, open-ended financial risk,” the PSF director added.

The PSF’s mission statement enshrines a commitment to supporting and growing “a diverse and international community of Python programmers,” and the Foundation ultimately decided it wasn’t willing to compromise on that position, even for what would have been a solid financial boost for the organization. 

“The PSF is a relatively small organization, operating with an annual budget of around $5 million per year, with a staff of just 14,” Crary added, noting that the $1.5 million would have been the largest grant the Foundation had ever received – but it wasn’t worth it if the conditions were undermining the PSF’s mission. 

The PSF board voted unanimously to withdraw its grant application.

The non-profit would’ve used the funding to help prevent supply chain attacks; create a new automated, proactive review process for new PyPI packages; and makee the project’s work easily transferable to other open-source package managers. 

Crary told The Register in a message that she’s disappointed not to have been able to undertake the security work proposed in the grant, and she agreed that NSF is harming its own ability to fund quality scientific research with the DEI restriction in its grant terms. 

“Part of the problem here is all the uncertainties,” Crary told us. “Even if we wanted to give up anything that might be considered [DEI] work – which we don’t – part of the risk here is that all these restrictions are new, the language is very broad … I had no interest in being the test case.” 

Crary is confident in the group’s choice and credits the Python community for standing behind the Foundation.

“Trusting that our community would stand with our decision made it much easier,” Crary remarked. “And the support we’ve seen today in response to announcing the decision has proven that to be true.” 

The PSF isn’t the first tech foundation to withdraw from an NSF grant due to the anti-DEI pledge. 

The Carpentries, a nonprofit group that provides software engineering and data science training to researchers, was also in line to receive a $1.5 million grant from NSF but withdrew its application in June for the exact same reason as the PSF.

“The Carpentries showed real leadership making their decision,” Crary said.

We reached out to the NSF for comment on the matter, but only received an automated response telling us that, due to the ongoing government shutdown, no one was around to field our questions. ®

Original Source