On Thu, Feb 28, 2013 at 8:53 AM, Benjamin Peterson <benjamin@python.org> wrote:
2013/2/28 Brett Cannon <brett@python.org>:
>
>
>
> On Thu, Feb 28, 2013 at 6:34 AM, Michael Foord <fuzzyman@voidspace.org.uk>
> wrote:
>>
>>
>> On 28 Feb 2013, at 07:36, Georg Brandl <g.brandl@gmx.net> wrote:
>>
>> > Am 27.02.2013 17:51, schrieb Michael Foord:
>> >> Hello all,
>> >>
>> >> PyCon, and the Python Language Summit, is nearly upon us. We have a
>> >> good number of people confirmed to attend. If you are intending to come to
>> >> the language summit but haven't let me know please do so.
>> >>
>> >> The agenda of topics for discussion so far includes the following:
>> >>
>> >> * A report on pypy status - Maciej and Armin
>> >> * Jython and IronPython status reports - Dino / Frank
>> >> * Packaging (Doug Hellmann and Monty Taylor at least)
>> >> * Cleaning up interpreter initialisation (both in hopes of finding
>> >> areas
>> >>  to rationalise and hence speed things up, as well as making things
>> >>  more embedding friendly). Nick Coghlan
>> >> * Adding new async capabilities to the standard library (Guido)
>> >> * cffi and the standard library - Maciej
>> >> * flufl.enum and the standard library - Barry Warsaw
>> >> * The argument clinic - Larry Hastings
>> >>
>> >> If you have other items you'd like to discuss please let me know and I
>> >> can add them to the agenda.
>> >
>> > May I in absentia propose at least a short discussion of the XML fixes
>> > and accompanying security releases?  FWIW, for 3.2 and 3.3 I have no
>> > objections to secure-by-default.
>> >
>>
>> Sure. It would be good if someone who *will* be there can champion the
>> discussion.
>
>
> While Christian is in the best position to discuss this, I did review his
> various monkeypatch fixes + expat patches so I can attempt to answer any
> questions people may have.

How close are they to being applied?

I have no idea. Ask Christian. =) I can just answer what the attacks are and what had to change to protect against them.