Funding supply chain security for one of the most popular open source ecosystems in the world isn’t even a rounding error on the budget.
The debt increases are a political choice: the budget was balanced at the turn of the century, which was used as the pretext for cutting taxes to a level which ensured the problems we’re seeing now based on highly unrealistic growth projections. Cutting all funding on open source, or science, or foreign aid, or even all of those combined is a drop in the bucket compared to our cost of healthcare being whole multiples higher than in our peer countries.
They announced grassroots donations for 10% of the total. That’s good, but still short of where it should be for something so popular.
I think of it like crime or natural disaster: a PyPI compromise could easily cause economic damages on the order of a bad storm or small terrorist attack. Collectively we spend billions trying to mitigate those societally rather than telling each person to defend themselves, and this feels like the same idea adapted to a different context.
I think you’ve badly misread the numbers here: donors have only covered a small fraction of what this NSF grant would have covered.
(And of course, it should go without saying that relying on the public to react to the government’s capricious behavior does not make for a stable funding situation for a nonprofit.)
Externalizing responsibility while taking the value of things and calling that a net win until the consequences come up seems short-sighted.
Hopefully nobody else funds this critical infrastructure piece of both the government and private sector software world. Especially someone of a country/color/gender you don't like.