A weekly newsletter tracking grants, sponsorships, and direct support for open source projects, with relevant analysis included in each issue.
This week covers new grants and sponsorships, foundation and governance moves, licensing updates, AI-driven security and contribution pressure on maintainers, and current open-source jobs.
This week: funding updates from GNOME, Django, Rust, PHP, FSF, Ruby Central, FreeBSD, NSF, OpenAI, CNCF, Sovereign Tech, and NLnet; Chainguard's Athena coalition; Supabase and PgDog rounds; Euro-Office, Conda, Akka.NET, Unleash, Fossorial, Snowplow, and Bambuddy licensing and provenance scrutiny; long-term maintenance strategy; foundation and consortium joins; and AI-assisted security and coding tools straining open source workflows, including curl's vulnerability-intake pause, human-review stance, CVE-volume forecasts, Agentjacking, review-culture warnings, and CI/CD abuse detection.
This week: Unleash moved to AGPLv3, Supabase and Archestra raised funding, OpenAI, Dependency Firewall, and Sovereign Tech offered maintainer support, EU open source policy advanced, AI-assisted security strained maintainer workflows, and projects joined or launched foundations and consortia.
This week: IBM and Red Hat committed $5 billion to open source security work, F-Droid received FLOSS/fund support, NLnet opened new grant calls, the European Commission looked to open source for tech sovereignty, OpenAI offered Codex credits to maintainers, Packagist expanded funded supply-chain work and sponsorships, Scala completed a funded security audit, hardened-image revenue models drew attention, dbt Core v2 moved more commercial engine work into open source, Kefir moved new compiler development private, slicer AGPL disputes widened, and AI-generated reports and contributions kept raising maintainer-load and trust questions.
This week: pgBackRest found a sponsor coalition, Bambu Lab faced broader AGPL scrutiny, Google nudged Gemini CLI users toward a proprietary alternative, MoonRay joined the Academy Software Foundation, OpenTelemetry graduated in CNCF, and AI-assisted disclosure work kept increasing maintainer pressure.
This week: KDE received major Sovereign Tech Fund support, Zulip created a foundation, Goose moved to the Linux Foundation, AI-assisted vulnerability reporting strained maintainers, and Bambu Lab kept drawing open source backlash.
This week: CopilotKit and RadixArk raised funding, Linea and Microcks moved deeper into foundation governance, package registries got sustainability attention, and AI pressure kept hitting public code, attribution, and contribution workflows.
This week: Cloudsmith, JuliaHub, Expo, ComfyUI, Orkes, and OpenObserve raised funding; O-RAN, Symposium, and the Tokenized Assets Standard found foundation homes; Cal.com and MinIO kept the license debate hot; and AI security concerns put new pressure on public code.
This week: O-RAN moved under LF Networking, ClearlyDefined got a three-year sustainability roadmap, Cal.com went private, the OnlyOffice AGPL dispute escalated, and Linux plus SDL drew firmer lines around AI-assisted code.
This week: more projects entered foundation structures, Apache and CPython picked up funding signals, AI licensing questions sharpened, and AI kept pushing review and policy work back onto maintainers.
This week: several projects moved into new foundation homes, office-suite fights spilled into public, security support looked shaky, and AI kept adding review work for maintainers.
This week: several projects joined foundations or advanced inside CNCF, support signals kept arriving from companies and foundations, and AI-related governance pressure continued to spread.