NPM is the other major source of issues (congrats for now, `cargo`!), and TIL that NPM is A) a for-profit startup (??) and B) acquired by Microsoft (????). In that light, this gift seems even more important, as it may help ensure that relative funding differences going forward don’t make PyPI an outsized target!
(Also makes me wonder if they still have a Microsoft employee running the PSF… always thought that was odd.)
AFAIU the actual PSF development team is pretty small and focused on CPython (aka language internals), so I’m curious how $750,000/year changes that in the short term…
EDIT: there’s a link below with a ton more info. This gift augments existing gifts from Amazon, Google, Microsoft, and Citi, and they soft-commit to a cause:
> Planned projects include creating new tools for automated proactive review of all packages uploaded to PyPI, improving on the current process of reactive-only review. We intend to create a new dataset of known malware that will allow us to design these novel tools, relying on capability analysis.

You might be confusing the Python Steering Council - responsible for leadership of Python language development - with the PSF non-profit there.
The PSF is led by a full-time executive director who has no other affiliation, plus an elected board of unpaid volunteer directors (I'm one of them).
Microsoft employees occasionally get voted into the board, but there is a rule to make sure a single company doesn't have more than 2 representatives on the board at any one time.
The board also elects a chair/president - previously that was Dawn Wages who worked at Microsoft for part of that time (until March 2025 - Dawn was chair up to October), today it's Jannis Leidel from Anaconda.
Meanwhile the Python steering council is entirely separate from the PSF leadership, with their own election mechanism voted on by Python core contributors. They have five members, none of whom currently work for Microsoft (but there have been Microsoft employees in the past.)
Yes, I was talking about Wages -- the day-to-day is surely complex, but I'm sure you'd agree that the president of the board is ultimately "above" the chief executive if push ever came to shove, at least on paper. I will grant that I used "running", which is quite unclear in hindsight! "Responsible for" or "leading" seems more accurate.
She seemed great as policymaker and person, but when I last checked her job was literally to be Microsoft's Python community liaison, and that just struck me as... dangerous? On the nose? Giving the reins to someone from a for-profit, $1.5B corporation whose entire business depends directly upon the PSF's work also seems like an odd choice. Again, I'm sure they're great as an individual, and during normal operations there's no competing interests so it's fine. It's just...
I guess I just have a vision for the non-profit org guiding the world's most popular programming language that doesn't really mesh with the reality of open source funding as it exists today, at the end of the day; the "no 2 representatives from the same company" rule seems like a comforting sign that they(/y'all!) share that general philosophy despite the circumstances.
That is not true of the PSF, nor of many (most?) other US nonprofits. Not on paper, and not practically speaking. The director reports to the board, but officers have little to no unitary power. You can go read the PSF’s bylaws if you like, and if you do you’ll see that officers, including the president, can do very little without a board vote. And because of aforementioned policy, that’s a max of two votes from people employed by a single company.
Also, like, do you know anything about Dawn? She’s been serving the Python community waaaay longer than she’s worked for Microsoft. Questioning her ethics based on absolutely nothing is unfounded and, honestly, pretty fucked up.
There’s this pernicious lie that Microsoft is somehow controlling the PSF. It’s based on about as much evidence as there is for Flat Earth, yet here it is again. At best, repeating this lie reflects profound ignorance about how the PSF actually functions; at worst it seems like some kind of weird disinfo campaign against one of the most important nonprofits in open source.
> Section 5.15. Limits on Co-affiliation of Board Members. No more than one quarter (1/4) of the members of the Board of Directors may share a common affiliation as defined in Section 5.14.
The PSF allows three board members to share an affiliation, 13 seats * 0.25 ~= 3.25.
TBH, that's one too many, and I helped write/recommend the original language. When I was on the board, three felt like too many, even though everyone was wonderful, and it was Google, not Microsoft, that hit the limit.
The DSF (Django Software Foundation) recently adopted a two-person limit, which I recommend more boards consider.
B) Hacker news is crazy -- I didn't expect to spawn a thread that would get responses from actual board members, ex- or otherwise! I'd like to take a brief moment deep down into this thread to echo what I said to Simon above: thanks for giving your valuable time to help grow the best programming language & community to ever exist :)
I assume you have more experience than me in corporate governance, but this is such a fundamental truth that I've just gotta stick to my guns. The executives serve at the pleasure of the board. That's what the board is.
Also, like, do you know anything about Dawn? She’s been serving the Python community waaaay longer than she’s worked for Microsoft. Questioning her ethics based on absolutely nothing is unfounded and, honestly, pretty fucked up.
Well, besides the compliments I paid her above, no I do not. I don't think you're right to be offended at the implication that anyone could be coerced into putting their 6-figure job ahead of the non-profit they serve in the right circumstances, but TBH the worry of unconscious bias is just as real and doesn't require any ethical breaches.

> There’s this pernicious lie that Microsoft is somehow controlling the PSF. It’s based on about as much evidence as there is for Flat Earth, yet here it is again.
As I said above: I don't think there's evidence of any significant conflicts of interest so far, either from Microsoft, Anaconda, or any other firm. That said, I hope I can at least convince you that comparing concerns about corruption to a belief in a trivially-false scientific claim is going too far: the fact of the matter is that the senior-most member of an important non-profit was/is employed in a lucrative, full-time, relatively open-ended role by a firm whose profits depend directly on the work of that non-profit. There are no accusations in that statement, and thus no room for it to be written off as a conspiracy theory.
In terms of why it matters: wouldn't it at least deserve a raised eyebrow if, say...
- The chair of the WHO was employed by J&J?
- The chair of the ACLU was employed by a political party?
- The chair of Make-A-Wish was employed by a Hollywood agency?
The position doesn't have much additional power at all - the chair spends a little more time with the executive director and gets to set the agenda for the board meetings, but board actions still require a vote from the board.
If we felt like an employee of a specific company was abusing their position on the PSF board we would take steps to address that. Thankfully I've seen no evidence of that from anyone during my time on the board.
If anything it's the opposite: board members are very good about abstaining from votes that their employer might have an interest in.
For example, Wikimedia just recently claimed that they can’t chase some political project that critics wanted them to because most of their funds are earmarked-for/invested-in specific projects. So it does happen with US-based tech non-profits to at least some extent.
> $1.5 million over two years would have been quite a lot of money for us, and easily the largest grant we’d ever received.
One of her biggest projects was shepherding a large group of very old donations through a legal process to remove provisions in the donation agreements that were now illegal. In these cases the donors were long deceased, and the most common rule that needed to be changed was targeting race or ethnicity (e.g.: funds set up to help black people, or Irish, etc...).
The sheer number of different variations on "donor intent", or even just the wording on that legal document was astounding. There was always a tension between my wife's group and the group that was bringing in the money ("stewardship"), her group wanted things to be simpler and the "stewarding" group wanted nothing to get in the way of donations. It was remarkably similar to the tensions between sales and engineering in many software firms.
https://www.fordfoundation.org/learning/library/research-rep...
The hippies writing that software may not be compensated at the level you'd expect given the value they provide, but they'll never go hungry.
[1] LLVM and Linux get more cash than they can spend. GNU stuff is comparatively impoverished because everyone assumes they'd do it for free anyway. Stuff that ships on a Canonical desktop or RHEL default install gets lots of cash but community favorites like KDE need to make their own way, etc... Also just to be clear: node is filled with povertyware and you should be extremely careful what you grab from npm.
"almost" is the load bearing word here, and/or a weasel word. Define what an "economically important project" is.
> Also just to be clear: node is filled with povertyware and you should be extremely careful what you grab from npm.
Is "povertyware" what we call software written by people and released for free now?
Linux, clang, python, react, blink, v8, openssl... You know what I mean. I stand by what I said. Do you have a counterexample you think is clearly unfunded? They exist[1], but they're rare.
> Is "povertyware" what we call software written by people and released for free now?
It's software subject to economic coercion owing to the lack of means of its maintainership. It's 100% fine for you to write and release software for free, but if a third party bets their own product on it they're subject to an attack where I hand you $7M to look the other way while I borrow your shell.
[1] The xz-utils attack is the flag bearer for this kind of messup, obviously.
For Linux "all the major contributors and maintainers are on the payroll of one of the big tech interests or a foundation funded by them" is simply not true. It's trivial to prove this by just looking at the maintainers of the subsystems. Making this claim is nonsense to begin with.
Same is true for several major contributors to the Python compiler and subsequent libraries as well.
You will move the goalpost by trying to narrow down what "major contributor" means.
> It's software subject to economic coercion owing to the lack of means of its maintainership. It's 100% fine for you to write and release software for free, but if a third party bets their own product on it they're subject to an attack where I hand you $7M to look the other way while I borrow your shell.
So without knowing anyone you are making a value judgement on the (probable?) lack of ethics? Excuse me?
I can't move the goalpost if you won't produce a ball. Who exactly are you thinking of that needs a job but doesn't have one?
That is not your claim. Your claim is that they "are on the payroll of one of the big tech interests or a foundation funded by them". Which is simply not true.
You can easily find several maintainers of these projects doing this as their part-time hobby project, who have cut a deal at work, or who simply don't work at a place that funds Linux development.
I'm not going to call out individuals whose situation and/or employment history I know.
Essentially "povertyware" as you call it when you consider the trillion dollar companies built on top of them? Now that's way easier: SQLite, PostgreSQL, ffmpeg, imagemagick, numpy, pandas, GTK, curl, zlib, libpng, zxing or any other popular qr/barcode library, etc...
This is often the problem with charity in general. It's hard to find good organizations that actually need your money. Great ones self-sustain on their own revenue. Good ones are saturated with donations from their own users. There's just a small sliver of projects that are awesome, and could productively use financial support. From personal experience, identifying these is often far more costly than the act of writing a check.
EDIT: or are you rather thinking about the book Working in Public: The Making and Maintenance of Open Source Software?
From a 2022 email:
> (P.S. I have a new last name! Still transitioning everything over, but I’m now Nadia Asparouhova.)
Here is the website of the author: https://nadia.xyz/
If you missed it, they bought Bun a while back, which is what Claude Code is built in: https://bun.sh/blog/bun-joins-anthropic
Similar story with Mozilla.
Why is that? Are there lessons to be learned from the Linux Foundation about how to actually effectively and responsibly manage that sort of money, in those types of projects?
> CPython core developer Paul Moore described his involvement in the
> packaging community and said: “it’s struggling under the weight of its own
> popularity … the individuals involved are doing their best under what are
> frankly near-impossible conditions.”
> Moore questioned whether the fact that so many businesses now depend on
> Python and PyPI meant that “maybe a purely volunteer basis simply can’t
> work any more,” though he hoped this is not the case.

> The PSF would not be fulfilling their mission if they only funded packaging until packaging was "solved" (whatever that might mean) and only then did they fund outreach.
They did the opposite. So they still didn't fulfill it, to the extent that Mozilla, ChanZuck, and astral felt compelled to step in.
The Linux foundation also stewards way more foundations and projects than just "Linux". They are, among other things, in the business of creating foundations and making money that way. For every organization under the Linux foundation, say the CNCF, to be a part of those subprojects, you need to pay a Linux foundation tax.
The Python Software foundation I don't know much about but their scope seems to be only stewarding python. They seem to have far less corporate outreach than the Linux foundation.
Linux Foundation 990 - note pages 16-17 with the salaries - those are for-profit entity salaries, not nonprofit salaries.
https://apps.irs.gov/pub/epostcard/cor/460503801_201812_990O...
[0] https://www.python.org/psf/annual-report/2024/
[1] https://en.wikipedia.org/wiki/Outreach
In 2020 [1] 48.1% went to "Packaging Work Group/Infrastructure/Other" (I assume because in person pycon was canceled).
I also checked 2021 [2], which was 32.7% pycon and 31.2% pip etc...
Also 2022 [3], 57.8% pycon, 26.6% Packaging Work Group...
In 2023 [4], 60.5% pycon, and Packaging Work Group expenses decreased to 9.6% because Fastly now provides the bandwidth/hosting: "We are grateful to Fastly for making the online services that the PSF provides possible, so that we can invest time and resources into advancing our infrastructure to better meet community wants and needs."
So your assertion seems to have never been true.
[0] https://www.python.org/psf/annual-report/2019/
[1] https://www.python.org/psf/annual-report/2020/
[2] https://www.python.org/psf/annual-report/2021/
I feel it is important to look at the facts, not just vibes.
Those are "fiscal sponsorships" meaning the PSF holds money for other organizations. The PSF is not funding Pallets (or Boston Python or North Bay Python, etc, etc). They accept money earmarked for those organizations and provide administrative support. Details: https://www.python.org/psf/fiscal-sponsorees/
During the 2010s, the packaging group was begging for help. "We're only volunteers," a common refrain: https://news.ycombinator.com/item?id=46605018
During the 2020s, funding for packaging was provided by Mozilla and Chan-Zuck, as PSF wasn't doing enough. https://www.python.org/psf/annual-report/2019/
As we all know, Astral stepped in and solved the problem for them. I moved to their tools as soon as was possible. And not simply because they were fast, but because they work.
For example, here's one that pypa broke for my package a couple of years ago in pip, and never fixed: https://github.com/pypa/packaging/issues/774
uv didn't just happen in a vacuum, there has been lots of investment in the Python packaging ecosystem that has enabled it (and other tools) to try and improve the shortcomings of Python and packaging.
There's PEP 518 [1] for build requirements, PEP 600 [2] for manylinux wheels, PEP 621 [3] for pyproject.toml, PEP 656 [4] for musl wheels platform identifiers, PEP 723 [5] for inline script metadata.
Without all this uv wouldn't be a thing and we would be stuck with pip and setuptools or a bunch of more bandaid hacks on top making the whole thing brittle.
[1] https://peps.python.org/pep-0518/
[2] https://peps.python.org/pep-0600/
[3] https://peps.python.org/pep-0621/
[4] https://peps.python.org/pep-0654/
[5] https://peps.python.org/pep-0723/
(By most metrics, Python became "big" in the mid-late 2000s, which is why the Python 3 transition was so painful.)
[1]: https://www.wisdomandwonder.com/link/2110/why-mit-switched-f...
We should applaud their donation today, and at another time assess the meager contributions of many companies that should be shamed.
I've worked at a few that use the 'mold' linker to dramatically reduce their build times. Again, very few contribute. In this particular case, I managed to get one former employer to make a donation.
But the list goes on.
Short arms, deep pockets, as the saying goes.
If python wants to require money for updates or for customers over $X in revenue, they can!
If companies don’t want to donate, they don’t have to just as python contributors don’t have to if they’re annoyed at how it’s used.
a couple of paid engineers could support every previous version essentially forever
A more impactful change from firms might be to celebrate and reward community contributions of their own employees. This can establish a more productive culture than just money. If an engineering company is willing to donate money (yay!), perhaps consider making sure that employees are celebrated for contributions they make in a manner that is similar to how we currently celebrate monetary transactions.
For an example of the opposite, Google laid off their entire Python team, something that also made HN front page: https://news.ycombinator.com/item?id=40171125
Even if it would be a small fraction of $1.5M
But also they rely heavily on Python and want to support the ecosystem.
May or may not benefit the community.
According to multiple articles, Anthropic expects to reduce its cash burn to around one-third of revenue in 2026.
This implies total spending is roughly revenue + cash burn ≈ $23 billion + $7.7 billion ≈ $30.7 billion
When you divide the total spending by the length of the whole year, $1.5 million would sustain Anthropic for roughly 0.43 hours, or about 26 minutes.
shadowgovt•3w ago
It's pretty great, because you can run it in debug mode where it will assert-fail if your static type assertions are violated, or in optimized mode where those checks (and the code to support multiple types in a variable) go away and instead the program just blows up like a C program with a bad cast does.
Qem•3w ago
Mypyc will do. See https://blog.glyph.im/2022/04/you-should-compile-your-python...
__MatrixMan__•3w ago
And just a few comments earlier you said:
> Just recently I heard that typed languages are best for agentic programming
Are we not talking about using python (or some alternative) to constrain the behavior of agents?
maleldil•3w ago
Python is a good language. Its ecosystem is rich, and I find it very productive. I want to use it, but I also want as much static analysis as possible, so I use ruff and pyright.
9rx•3w ago
Not really. You can do some basic checking, like ensuring you don't pass a string into where an integer is expected, but the tests you need anyway to make sure that you're properly dealing with those integers (Python type hints aren't nearly capable enough to forgo that) would catch that too. The LLM doesn't care if the error comes from a type checker or test suite.
When you get into real statically typed languages there isn't much consideration for Python. Perhaps you can prompt an LLM to build you an extractor, but otherwise, based on what already exists, your best bet is likely Lean extracted to C, imported as a Python module. Easier would be to cut Python out of the picture, though.
If you are satisfied with the SMT middle-ground, Dafny does support Python as a target. But as the earlier commenter said: Types are best.
maleldil•3w ago
It's not Rust-level, but I'd argue it's better than C or Go's type systems.
9rx•3w ago
These partial type systems cannot replace any actually useful tests. I'll grant you that testing is the least understood aspect of computer science, leading to a lot of really poorly conceived tests out in the wild. I can buy that those bad, useless tests can be replaced — albeit weren't actually needed in the first place.
shadowgovt•3w ago
For a lot of the business world, code flexibility is much more important than speed because speed is bottlenecked not on the architecture but on the humans in the process; your database queries going from two seconds to one second matters little if the human with their squishy eyeballs takes eight seconds to digest and understand the output anyway. But when the business's needs change, you want to change the code supporting them now, and types make it much easier to do that with confidence you aren't breaking some other piece of the problem domain's current solution you weren't thinking about right now (especially if your business is supported by a team of dozens to hundreds of engineers and they each have their own mental model of how it all works).
Besides... Regarding performance, there is a tiny hit to performance in Python for including the types (not very much at all, having more to do with space efficiency than runtime). Not only do most typed languages not suffer performance hindrance from typing, the typing actually enables their compilation-time performance optimizations. A language that knows "this variable is an int and only an int and always an int" doesn't need any runtime checks to confirm that nobody's trying to squash a string in there because the compiler already did that work by verifying every read and write of the variable to ensure the rules are followed. All that type data is tossed out when the final binary gets built.
shadowgovt•3w ago
To be clear: Haskell is great, but its entire vibe (lazy evaluation, pure functions) is entirely different from what Python's about. Someone who knows C++ or Java has a much bigger gap to jump to pick up Haskell than to pick up Python.
exceptione•3w ago
I know I am not going to sell it to monogamous devs, but those that are open minded should give it a try.
___
¹ This is something people will start to appreciate once they get serious about the risk of supply chain attacks.
² Python developers feel they are doing fine with pip or uv, at least in my experience, but then I find they haven't dealt with package mgmt in alternative languages.
³ Types in python are a hack; bolting on something afterwards will not reach what is possible with a language that has been designed with types as a core element.
shadowgovt•3w ago
I can name an absolute handful of languages I've used that have that flexibility. Common LISP comes to mind. But in general you get one or the other option.
pansa2•3w ago
It’s also a worst-of-both-worlds arrangement, in that you have to do the extra work to satisfy the type checker but don’t get the benefits of a compiled language in terms of performance and ease-of-deployment, and only partial benefits in terms of correctness (because the type system is unsound).
AFAIK the Dart team felt this way about optional typing in Dart 1.x, which is why they changed to sound static typing for Dart 2.
9rx•3w ago
That was an okay tradeoff for humans writing code as it enables things like the squiggly line as you type for basic mistakes, automatic refactoring, etc. But that stuff makes no difference to LLMs.
embedding-shape•3w ago
That's not like a widespread/by-default/de-facto standard across the ecosystem, by a wide margin. Browse popular/trending Python repositories on GitHub sometime and I guess you can see.
Most of the AI stuff released is still basically using conda or pip for dependencies, more times than not, they don't even share/say what Python version they used. It's basically still the wild west out there.
Never had anyone "frown" towards me for not using MyPy or any typechecker either, although I get plenty of that from TS fans when I refuse to adopt TS.
pansa2•3w ago
I’ve seen it many times. Here’s one of the more extreme examples, a highly-upvoted comment that describes not using type hints as “catastrophically unprofessional”:
https://www.reddit.com/r/Python/comments/1iqytkf/python_type...
embedding-shape•3w ago
Don't read stuff on reddit and use whatever you've "learned" there elsewhere, because it's basically run by moderators who try to profit off their communities these days; hardly any humans left on the subreddits.
Edit: I really can't stress this enough, don't use upvotes/likes/stars/whatever as an indicator that a person on the internet is right and has a good point, especially not on reddit, but I would advise people to not do so on HN either, or any other place. But again, especially on reddit, the upvotes literally count for nothing. Don't pick up advice based on upvoted comments on reddit!
shadowgovt•3w ago
Python typed or untyped feels like a taste / flexibility / prototyping tradeoff; TypeScript vs. JavaScript feels like "Do you want to get work done or do you want to wrap barbed wire around your ankle and pull?" And I say this as someone who will happily grab JS sometimes (for <1,000 LOC projects that I don't plan to maintain indefinitely or share with other people).
Plus, TypeScript isn't a strict superset of JavaScript, so choice at the beginning matters; if you start in JS and decide to use TS later, you're going to have to port your code.
embedding-shape•3w ago
> TypeScript helps paper over like 90% of the holes in JavaScript
Always kind of baffles me when people say this, how are you actually programming where 90% of the errors/bugs you have are related to types and other things TS addresses? I must be doing something very different when writing JS because while those things happen sometime (once or twice a year maybe?), 90% of the issues I have while programming are domain/logic bugs, and wouldn't be solved by TS in any way.
shadowgovt•3w ago
I can just skip the mypy run if I want to do untyped Python. I can't skip adding types if I'm writing TypeScript in most contexts; it's not valid TypeScript syntax. Conversely, I can't add types to JavaScript; it's not valid JavaScript syntax (jsdoc tags and running a static checker over that being a different subject, and more akin to the Python situation).
> how are you actually programming where 90% of the errors/bugs you have are related to types and other things TS addresses
It's the things in the "wat" video. JavaScript, in general, errs on the side of giving you some answer when you try and do something very unusual with types (like add a boolean to a number or a string to an array) over taking a runtime error. TypeScript will fail to typecheck in most of the places where those operations are technically correct but surprising as hell in the wrong way unless you explicitly coerce the types to match up.
embedding-shape•3w ago
It's a funny video, still after 15 years of seeing it, I'll give you that. But the number of times I'm bothered by accidentally triggering those scenarios in real-life? Could probably count that on one hand.
I also give you that TypeScript helps beginner JavaScript developers a ton, and that's no easy feat by itself, just because of those things you mention. Once you build up intuition about how things work in JavaScript though, those sorts of bugs should stop happening; otherwise I'd say you aren't really learning the language.
__MatrixMan__•3w ago
If you're working on a project that doesn't use type hints, there's also plenty of frowning, but that's just because coding without a type checker is kind of painful.
embedding-shape•3w ago
Yeah, that obviously makes sense, not following the code guidelines of a project should be frowned upon.