[Python-Dev] Fwd: We cannot fix all issues: let's close XML security issues (not fix them)

PMS PMS pms.coder at yandex.com
Fri Sep 7 03:51:49 EDT 2018

Thank you Victor.

XML support in Python is critical and desired for many sectors like banking or telecoms,
and code base based on XML is still on rise in such world.

That's why keeping such bugs open is important, as it is not impossible that someone (banks, telecoms, google camps, government grants)
would simply fund small project aiming at fixing those bugs in XML. We never know.

-------- Beginning of forwarded message  --------
07.09.2018, 09:03, "Victor Stinner" <vstinner at redhat.com>:

Le jeu. 6 sept. 2018 à 21:10, Steve Dower <steve.dower at python.org> a écrit :
>  If Christian is not able to keep maintaining the defused* packages, then
>  I may take a look at this next week at the sprints. The built-in XML
>  packages actually don't meet Microsoft's internal security requirements,
>  so I have some business motivation to do it.

Great! The best would be to be able to merge defuse* features into the
stdlib. Maybe not change the default, but add an option to enable
security counter-measures.

Python-Dev mailing list
Python-Dev at python.org
Unsubscribe: https://mail.python.org/mailman/options/python-dev/pms.coder%40yandex.ru
-------- End of forwarded message --------

More information about the Python-Dev mailing list