• Python Software Foundation withdraws security-related grant proposal

    From LWN.net@1337:1/100 to All on Mon Oct 27 16:30:06 2025
    Python Software Foundation withdraws security-related grant proposal

    Date:
    Mon, 27 Oct 2025 16:28:13 +0000

    Description:
    The Python Software Foundation, earlier this year, successfully obtained a
    $1.5 million grant from the US National Science Foundation "to address
    structural vulnerabilities in Python and PyPI". The actual grant came with
    some strings attached though, in the form of a requirement not to pursue
    diversity, equity, and inclusion programs. So the Foundation has withdrawn
    the proposal rather than agree to terms that run counter to its own
    mission.

    We're disappointed to have been put in the position where we had to
    make this decision, because we believe our proposed project would
    offer invaluable advances to the Python and greater open source
    community, protecting millions of PyPI users from attempted
    supply-chain attacks. The proposed project would create new tools
    for automated proactive review of all packages uploaded to PyPI,
    rather than the current process of reactive-only review.

    ======================================================================
    Link to news story:
    https://lwn.net/Articles/1043563/


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)