[Python-Dev] We cannot fix all issues: let's close XML security issues (not fix them)

Victor Stinner vstinner at redhat.com
Fri Sep 7 03:00:54 EDT 2018

Le jeu. 6 sept. 2018 à 21:10, Steve Dower <steve.dower at python.org> a écrit :
> If Christian is not able to keep maintaining the defused* packages, then
> I may take a look at this next week at the sprints. The built-in XML
> packages actually don't meet Microsoft's internal security requirements,
> so I have some business motivation to do it.

Great! The best would be to be able to merge defuse* features into the
stdlib. Maybe not change the default, but add an option to enable
security counter-measures.


More information about the Python-Dev mailing list