Python Foundation Rejects $1.5m Grant With No-DEI Strings

A Cold Email and a Hot Dilemma

It was a soggy Monday in late October, the kind that turns city skylines into blurry watercolor. Loren Crary, deputy director of the Python Software Foundation (PSF), stared at the subject line in her inbox: “$1.5 Million NSF Grant – Final Terms Attached.” Under ordinary circumstances, this was the kind of windfall that could secure the open-source lifeblood for years. But the moment she clicked open, Crary realized a choice was looming: take the money and compromise, or walk away and lean into their hard-wired values[1][2][3][4].

The Heart of the Matter: Why Python’s Money Came with Strings

The National Science Foundation (NSF) had offered a generous $1.5 million grant to fortify Python—the language that powers everything from Instagram to spacecraft guidance—against supply chain attacks and toxic code[1][2][3][4]. With the explosion of ransomware and escalating hacks, millions depend on Python’s reliability every day. Most people never think about the invisible hands keeping their cryptocurrency safe or their banking apps humming—but that’s the work the PSF does, usually with a shoestring budget[1][2].

But the grant contained an unexpected clause: the PSF had to forswear all activities that “advance or promote DEI (diversity, equity, and inclusion), or discriminatory equity ideology,” across any operations, for the life of the grant[1][2][3][4]. The risk wasn’t just reputational; it allowed the government to “claw back” all distributed funds, even if they’d already been spent[1][2][4].

The Technical Battle: How Security and DEI Became Entangled

To non-technical readers: a “supply chain attack” is when bad actors sneak malware or vulnerabilities into the public libraries every developer pulls from—like tainting ingredients in a community kitchen before the city’s biggest festival. PSF’s plan was to build a digital shield: new tools for automatically vetting these third-party packages and neutralizing threats before they reached users[1][3][4].

NSF’s initiative made perfect sense—until the strings appeared. Security, in tech, is both mathematical and deeply human. That’s why diversity, equity, and inclusion aren’t just buzzwords—they’re foundational for robust code and resilient communities. When vulnerabilities surface, it’s the many perspectives (not just the loudest or most “typical”) that spot risks and devise creative fixes[1][2][3]. The restriction wasn’t just financial—it challenged the PSF’s very reason for existing: to serve all coders, regardless of where they come from[2][3].

Inside the Room: The Vote That Changed Everything

In a small, glass-walled office, the PSF board gathered: fourteen people, each carrying the weight of five million Python users—and their own convictions[1][2]. For some, the grant would triple annual security spending and possibly create jobs. For others, the anti-DEI clause was a non-starter. The legal team outlined the risks—a potential existential crisis if even one workshop or program violated the anti-DEI terms[2][3].

When the roll call started, the votes fell one after another: unanimous. They would reject the grant, prioritizing the creed embedded in their mission—supporting a diverse, international community of Python programmers[1][2][3].

Analyst Insights: What Do the Experts Say?

Tech policy consultant Regina Choi described it as “the moment when open source finally said, ‘our values are our security plan.’” Anna Patel, from the Digital Rights Foundation, argued that “tech ecosystems thrive on ideas from the margins. Removing DEI isn’t just a social step backward—it’s a security risk.”

Even some NSF officials privately whispered: “We wanted security; what we lost was trust.”

Making It Personal: Sophia’s Story

Sophia is a self-taught Python coder in Mexico City. She went from high school hobbyist to teaching workshops for girls who’d never seen a laptop. To her, PSF’s choice was clear. “If our role models had bowed out for the money, those doors would close for people like me. Sometimes, protecting code means protecting community.”

Industry, Government, and Global Ripples

The tech world took notice. AI labs, database giants, even e-commerce startups—many quietly rely on Python but rarely fund its keepers[2][5]. Now, PSF’s decision was shaking boardrooms, sparking pledges for grassroots support, and forcing industries to reckon with the fragility of their own digital foundations[3][4][5].

Governments split. Some, like Canada and Germany, signaled that inclusive tech was non-negotiable. Others issued statements lauding NSF’s “financial discipline.” Behind the scenes, open source leaders were suddenly asking: “If politics dictate who gets defended, what happens to global trust in technology?”[1][2][3][4]

What’s Next—and Could It Happen Again?

Without the grant, PSF faces real challenges—paused funding programs, slow progress on new security tools, and rising pressure for donations[3][5]. Yet the lesson reverberates: values and integrity aren’t line items. They’re built into the code.

Could it happen again? Absolutely. In a world where funding and ideology mix more than ever, tech nonprofits must navigate the push and pull every grant brings. Every coder, every company depending on open source, faces the same question: what happens when a principle collides headlong with a payday?

Is tech better off chasing funding—or finding its backbone?


FAQ

Why did the Python Foundation reject a $1.5 million grant from the NSF?
The Python Software Foundation turned down the money due to an anti-DEI clause that would have forced it to abandon diversity, equity, and inclusion initiatives—integral to its mission—under threat of retroactive repayment[1][2][3][4].

What was the grant supposed to fund, and why does it matter for software security?
It aimed to support security upgrades in the Python Package Index, crucial for protecting millions of users against supply chain attacks, where malware sneaks into commonly used code libraries[1][3][4].

How does diversity relate to open-source software and security?
Greater diversity in contributors results in more robust, innovative solutions and helps spot vulnerabilities others might miss. Restricting DEI could undermine both technical and community resilience[2][3].

What is the PSF’s financial situation after rejecting the grant?
The Foundation is now under increased financial strain, pausing its own grant programs and calling for more community donations and sponsorships[3][5].

Could other open source organizations face similar dilemmas?
Yes. As political and funding conditions evolve, many organizations may have to choose between core values and essential resources.

How are industries and governments responding?
Some companies and governments have pledged support for inclusive tech and open source, while others back the restriction. The broader tech community is re-examining how values and funding interact[5].

What does this mean for everyday Python users?
The stability and security of Python, the language behind countless websites, devices, and services, depend on continued community support and principled leadership.

