Open Source Funded

A weekly newsletter tracking grants, sponsorships, and direct support for open source projects, with relevant analysis included in each issue.

May 25, 2026

Issue #9: pgBackRest funding, Bambu AGPL pressure, and AI disclosure load

This week: pgBackRest found a sponsor coalition, Bambu Lab faced broader AGPL scrutiny, Google nudged Gemini CLI users toward a proprietary alternative, MoonRay joined the Academy Software Foundation, OpenTelemetry graduated in CNCF, and AI-assisted disclosure work kept increasing maintainer pressure.

This week in Open Source Funded, the most direct sustainability win came from pgBackRest: after warnings that the PostgreSQL backup project could not continue on one sponsor alone, a coalition including AWS, Supabase, pgEdge, Tiger Data, Percona, and Eon.io stepped in to fund ongoing development.

The licensing story of the week was still Bambu Lab. Software Freedom Conservancy published a detailed AGPLv3 response, while coverage from Aftermath, The Verge, and Open Source For You showed how one fork dispute became a much broader fight over compliance, community trust, and control of 3D-printer software.

AI also remained a pressure multiplier for maintainers, from vulnerability reports and security triage to AI-generated code contributions, patch review debates, and disclosure programs aimed at open source projects.

Projects joining or advancing in a foundation

  • MoonRay, DreamWorks Animation’s open source production path-tracing renderer, joined the Academy Software Foundation as a hosted project — Linux Foundation
  • OpenTelemetry graduated in the Cloud Native Computing FoundationCNCF

Funding and sustainability

pgBackRest announced that it will continue with backing from a new sponsor coalition. The Register covered the same development as a response to the project’s sole maintainer warning that long-term maintenance was at risk.

Socket raised a $60 million Series C at a reported $1 billion valuation to expand its platform for finding and blocking malicious open source packages. SiliconANGLE tied the round to rising dependency volume and AI-assisted development.

NanoCo, the company behind the security-focused NanoClaw alternative to OpenClaw, raised a $12 million seed round after turning down a larger buyout offer.

HP pledged financial support for the Linux Vendor Firmware Service, joining Lenovo and Dell in backing the firmware-update infrastructure used by fwupd.

Microsoft used Open Source Summit North America to describe continued investment in open source security work, including support for OpenSSF Alpha-Omega and participation in GitHub’s Secure Open Source Fund.

Joost de Valk argued that Europe’s “Open Source First” procurement push needs matching investment in maintainers and public-interest infrastructure, not just preference language.

Sources: pgBackRest Will Continue!, PostgreSQL backup tool gets some backup of its own after sole maintainer sounds alarm, Code security startup Socket raises $60M in funding, NanoClaw creator turns down $20M buyout offer, raises $12M seed instead, Good News! After Lenovo and Dell, Now HP Pledges to Support Linux Vendor Firmware Service, From open source to agentic systems: Microsoft at Open Source Summit North America 2026, Open Source First is right, but not enough.

Licensing and commercial boundaries

Software Freedom Conservancy said Bambu Lab violated AGPLv3 obligations around Bambu Studio and related 3D-printer software. The dispute now combines source-code compliance questions, proprietary networking components, the OrcaSlicer fork ecosystem, community mirrors, and public backlash over legal threats.

Google is steering most open source Gemini CLI users toward the proprietary Antigravity CLI, while enterprise and paid API-key users keep Gemini CLI access. The Register and FOSS Force both framed the change as a bait-and-switch concern around an AI developer tool.

ONLYOFFICE Docs 9.4 simplified Community Edition licensing, removed the previous 20-connection limit, and moved some enterprise-only functionality into plugins.

Software Freedom Conservancy’s GPL enforcement case against Vizio is headed to trial in California. The case centers on whether smart-TV owners can obtain complete source code for the Linux-based software running on their devices.

Intel continued archiving open source projects that no longer align with company strategy, including an OBS Studio plugin and CVE Binary Tool-related efforts.

Open Invention Network preserved the source code for OIN 2.0’s Linux System in Software Heritage, tying long-term source availability to patent-risk mitigation and provenance.

Sources: Comprehensive Response to Bambu’s AGPLv3 Violations, The Battle Over 3D Printer Software Licensing Matters For Everyone, ‘Fuck you, Bambu’: How one private message could change the face of 3D printing, Bambu Lab Faces Open Source Licence Firestorm Over OrcaSlicer Fork, Bye-bye, Gemini CLI; Google’s gone and swapped you for a closed-source AI, Gemini CLI’s Short Life and Google’s Antigravity Bait‑and‑Switch, Open Source ONLYOFFICE Docs 9.4 Brings Dark Spreadsheets, Smarter Forms, and a Licensing Cleanup, Yearslong fight over users’ right to tweak smart TV software heads to trial, Intel’s Latest Round Of Open-Source Projects Ended: OBS Studio Plugin, CVE Binary Tool & More, Advancing Open Source Patent Protection: Preservation of OIN 2.0 Source Code

AI pressure on maintainers

The surge of AI-assisted vulnerability reporting continued across security and infrastructure communities. Help Net Security, The Register, Phoronix, and CyberScoop all covered the same core problem: AI tools can scale vulnerability discovery and submission faster than maintainers, security teams, and bug bounty programs can triage useful reports from noise.

Linux networking maintainers are still dealing with high disclosure volume, and Phoronix also reported that FreeBSD 15.1-RC1 includes fixes from a new wave of AI/LLM-driven security research. Techstrong.ai covered Linus Torvalds’ Open Source Summit comments on how AI is changing patch volume, security-disclosure guidance, and maintainer process load.

Coverage around Anthropic’s Mythos vulnerability-discovery system added another disclosure wrinkle. The Register reported that Mythos has scanned more than 1,000 open source projects and found thousands of high- or critical-severity candidates; The Next Web reported that Project Glasswing partners can now share Mythos findings with affected teams, regulators, open source maintainers, media, and the public under responsible-disclosure norms.

The pressure is not limited to security reports. Armin Ronacher described how AI-generated issue reports and confident but wrong diagnoses add triage work for the open source Pi coding-agent project. LeadDev warned that AI-generated abandonware is hollowing out parts of the ecosystem, while InfoQ covered a proposed node:vfs module for Node.js that triggered debate over AI-assisted core contributions, review burden, and DCO implications.

LWN reported on Linux kernel community discussion about using LLMs for patch review: there may be places where AI assistance helps, but maintainers remain wary of review quality and extra process burden.

Sources: AI is drowning software maintainers in junk security reports, AI eyes scanning for bugs create a worrisome Linux security trend, Today’s Linux Networking Fixes: “Craziness Continues With No End In Sight”, FreeBSD 15.1-RC1 Released: Fixes With Now Seeing More AI-Discovered Security Issues, AI might cut false positives, but it won’t stop the slop, Open Source Makes Bugs Shallow, Linus Torvalds Says AI Makes Them Public, The Register on Mythos and open source vulnerability findings, Project Glasswing partners can now share Mythos findings beyond the programme, Building Pi with Pi, AI-generated abandonware is hollowing out open source, NodeJS Proposes Built-In Virtual File System, Sparking Debate Over AI-Generated Contributions, Reviewing kernel patches with LLMs

Foundation and ecosystem notes

The Linux Foundation’s Agentic AI Foundation added 43 new members, including GoDaddy as a Gold Member, as companies align around open standards and open source infrastructure for agentic AI systems.

ActiveState joined the Linux Foundation and OpenSSF, saying it will contribute build infrastructure experience and an open source component catalog to supply-chain security work.

CNCF welcomed CVS Health as a Platinum member, adding another large enterprise user to the cloud-native collaboration ecosystem.

OpenSSF reported five new members, a cyber reasoning sandbox project, the Python secure-coding guide v1.0.0, and its first ambassador cohort. The New Stack separately covered OpenSSF leaders urging companies that depend on open source security work to contribute money, engineering time, or other support.

Sources: Agentic AI Foundation Adds 43 New Members as Enterprise and Government Adoption of Open Agent Standards Accelerates, GoDaddy joins Agentic AI Foundation as Gold Member, ActiveState Joins the Linux Foundation and OpenSSF to Advance Open Source Software Security, CNCF Welcomes CVS Health as a Platinum Member To Expand Cloud Native Collaboration, OpenSSF Notes Quarter of Growth with New Members, Added AI Security Resources, and Growing Community, “Morally repugnant shortsightedness”: Why open source security leaders say companies must stop freeloading on maintainers

Jobs

Foundations and core infrastructure

  • React Foundation / The Linux Foundation — Developer Relations Lead (link) — Remote. Posted 2026-05-22.
  • Wikimedia Foundation — Senior Software Engineer, iOS (link) — Remote. Posted 2026-05-22.
  • Mozilla — iOS Engineer, Mobile (link) — Remote Canada. Posted 2026-05-18.
  • Mozilla — iOS Engineer, Mobile (link) — Remote Germany. Posted 2026-05-18.

Community and developer relations

  • n8n — Community Software Engineer (link) — Remote Europe; Berlin Office. Posted 2026-05-22.
  • n8n — Support Engineering Team Lead | Remote | US (link) — United States (Remote). Posted 2026-05-22.
  • MongoDB — Senior Developer Advocate (link) — Dublin, Ireland. Posted 2026-05-22.
  • Percona — Developer Advocate (Remote) (link) — Remote. Posted 2026-05-22.
  • Mistral AI — Technical Documentation Manager (link) — Paris. Posted 2026-05-21.
  • Wikimedia Foundation — Manager, Community Partnerships (link) — Remote. Posted 2026-05-21.
  • MongoDB — Marketing Operations Manager (Strategic Developer Relations & AI Ops) (link) — Ireland. Posted 2026-05-21.
  • Temporal Technologies — Staff Technical Product Marketing Manager - Platform Infrastructure (link) — United States (Remote). Posted 2026-05-19.
  • Tailscale — Developer Relations Engineer (link) — Remote (United Kingdom). Posted 2026-05-18.

Sustainability and commercial open source

  • Elastic — Principal Product Manager Infrastructure, Observability (link) — Spain. Posted 2026-05-25.
  • Grafana Labs — Engineering Manager - Platform - Usage (link) — United Kingdom (Remote). Posted 2026-05-25.
  • Grafana Labs — Engineering Manager - Platform - Usage (link) — Spain (Remote). Posted 2026-05-25.
  • Grafana Labs — Engineering Manager - Platform - Usage (link) — Republic of Ireland (Remote). Posted 2026-05-25.
  • GitLab — Senior AI Engineer (link) — Remote US. Posted 2026-05-25.
  • GitLab — Senior AI Engineer (link) — Remote, Bangalore. Posted 2026-05-22.
  • ClickHouse — Senior Software Engineer - Data Integration & JVM Ecosystem (link) — United States (Remote). Posted 2026-05-22.
  • ClickHouse — Senior Software Engineer - Data Integration & JVM Ecosystem (link) — Canada (Remote). Posted 2026-05-22.
  • ClickHouse — Senior Software Engineer - Data Integration & JVM Ecosystem (link) — Germany (Remote). Posted 2026-05-22.
  • ClickHouse — Senior Software Engineer - Data Integration & JVM Ecosystem (link) — Israel (Remote). Posted 2026-05-22.
  • ClickHouse — Senior Software Engineer - Data Integration & JVM Ecosystem (link) — The Netherlands (Remote). Posted 2026-05-22.
  • ClickHouse — Senior Software Engineer - Data Integration & JVM Ecosystem (link) — United Kingdom (Remote). Posted 2026-05-22.
  • ClickHouse — Senior Software Engineer - Data Integration & JVM Ecosystem (link) — Amsterdam (Remote). Posted 2026-05-22.
  • Mistral AI — Model Behavior Architect- Function Calling (link) — London. Posted 2026-05-22.
  • Elastic — Principal Product Manager, AI agents - Search (link) — United States. Posted 2026-05-21.
  • Elastic — Principal Product Manager, AI agents - Search (link) — Canada. Posted 2026-05-21.
  • Elastic — Principal Product Manager, AI agents - Search (link) — Spain. Posted 2026-05-21.
  • ClickHouse — Principal Software Engineer - Postgres (link) — United States. Posted 2026-05-21.
  • ClickHouse — Principal Software Engineer - Postgres (link) — India (remote). Posted 2026-05-21.
  • ClickHouse — Principal Software Engineer - Postgres (link) — Netherlands. Posted 2026-05-21.
  • ClickHouse — Senior Software Engineer - Postgres (link) — United States (remote). Posted 2026-05-21.
  • ClickHouse — Senior Software Engineer - Postgres (link) — Canada. Posted 2026-05-21.
  • ClickHouse — Senior Software Engineer - Postgres (link) — India (remote). Posted 2026-05-21.
  • ClickHouse — Senior Software Engineer - Postgres (link) — Netherlands. Posted 2026-05-21.
  • ClickHouse — Senior Software Engineer - Postgres (link) — United Kingdom. Posted 2026-05-21.
  • Grafana Labs — Senior Product Manager (link) — Canada (Remote). Posted 2026-05-21.
  • Grafana Labs — Senior Product Manager (link) — United States (Remote). Posted 2026-05-21.
  • Temporal Technologies — Senior Product Manager, Scalability & Compute (link) — United States (Remote). Posted 2026-05-21.
  • Mistral AI — Technical Program Manager, Science Operations, Code (link) — Paris. Posted 2026-05-20.
  • Mistral AI — Research Operations Manager (Science Systems & Operations) (link) — Paris. Posted 2026-05-20.
  • Collabora — GPU Consultant Engineer (link) — Remote. Posted 2026-05-20.
  • Acceldata — Principal Engineer - Open Source Data Platform (ODP) (link) — Bengaluru, India. Posted 2026-05-20.
  • Acceldata — Senior Solutions Consultant - Open Data Platform (ODP) (link) — Greater London, UK. Posted 2026-05-20.
  • Grafana Labs — Senior Backend Engineer - Grafana Search & Storage (link) — Germany (Remote). Posted 2026-05-19.
  • Grafana Labs — Senior Backend Engineer - Grafana Search & Storage (link) — Republic of Ireland (Remote). Posted 2026-05-19.
  • Grafana Labs — Senior Backend Engineer - Grafana Search & Storage (link) — Spain (Remote). Posted 2026-05-19.
  • Grafana Labs — Senior Backend Engineer - Grafana Search & Storage (link) — Sweden (Remote). Posted 2026-05-19.
  • Grafana Labs — Senior Backend Engineer - Grafana Search & Storage (link) — United Kingdom (Remote). Posted 2026-05-19.
  • Supabase — OrioleDB Developer (AMER) (link) — AMER. Posted 2026-05-19.
  • Acquia — Product Manager (link) — Remote (United States). Posted 2026-05-19.
  • ClickHouse — Senior Software Engineer (Typescript / FrontEnd) - AI/ML (link) — Canada. Posted 2026-05-19.
  • Grafana Labs — Backend Engineer - Platform - Stacks (link) — Spain (Remote). Posted 2026-05-19.
  • Grafana Labs — Backend Engineer - Platform - Stacks (link) — United Kingdom (Remote). Posted 2026-05-19.
  • ClickHouse — Senior Software Engineer (Typescript / FrontEnd) - AI/ML (link) — United States (Remote). Posted 2026-05-18.
  • Canonical — Legal Counsel - Regulatory Compliance, Product and Privacy (link) — Home Based - Americas; Home based - EMEA; Office Based - London, UK. Posted 2026-05-20.

References

All source links are included inline above.

  • newsletter
  • funding
  • foundations
  • open source
  • governance
  • security
  • ai
  • licenses
  • jobs