I'm not sure which "side channel results" you refer to, but I don't think Python tries to prevent Spectre-style attacks at all. I don't believe it's necessary because, unlike JavaScript and Lua, Python doesn't try to support running within an in-process sandbox.

They seem to have been pretty well known among my former co-workers so I'm not sure if there's an original paper on it or what, but things like detecting the difference between small (cached) integer creation time and the full object instantiation, computational complexity attacks on dictionaries, etc.

These are distinct from eg Spectre because the point isn't isolation breaking, it's leakage. But at least a few years ago there was always a question of "are side channel attacks real", and I think we're pretty clearly over that question now.