From debbugs-submit-bounces@debbugs.gnu.org Fri Mar 27 03:30:37 2020 Received: (at 39765) by debbugs.gnu.org; 27 Mar 2020 07:30:38 +0000 Received: from localhost ([127.0.0.1]:60485 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jHjRt-0005mx-LW for submit@debbugs.gnu.org; Fri, 27 Mar 2020 03:30:37 -0400 Received: from mail-wm1-f51.google.com ([209.85.128.51]:33860) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jHjRr-0005fd-9a for 39765@debbugs.gnu.org; Fri, 27 Mar 2020 03:30:36 -0400 Received: by mail-wm1-f51.google.com with SMTP id 26so9430380wmk.1 for <39765@debbugs.gnu.org>; Fri, 27 Mar 2020 00:30:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=leibniz-psychology-org.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=r4THEz5ZRZ80+ZJQc3B4IOy7UbasYnpcnrGYMWa+5H4=; b=pB814WyYvvt/hgxSuDhyiTzkaHcaeLuklzxUMeyyeo2S9Csag3nNL2MffNND2vkpul Cdq6t7kLZ47xy3oZuyExT8lVciz7I7GoulaKpY21K3zZRwQmgiQoGUzF0LlwjkT/zRxG z7tpeir7FTBQiEFudkpLBxUWoiRVeEX8rkbz7D4whw4F4bGS+QC4nOc8AvUgk7vMGGyb mriO0O3TXUDQOc5E2amOhtxmJgEOlF1y9oGP6f4pnYVpyo5pFrB8EWaExnZB9Rx8Hk7l F6UxN09N6NPE0Lw9GlgA0btGs4zoCiYLOnNdcVPo9aoZ1R8Kc/fw5mvxf6Kjj4mLTA/3 P/yQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=r4THEz5ZRZ80+ZJQc3B4IOy7UbasYnpcnrGYMWa+5H4=; b=ho8z+b38O0rjEYXjayFeiL962Xi6JL6OtvnnmisJthT5TMY3Uzl/FSHPatjUDF+2W0 5IrFKR5JBin5P2WzCvp0xg4qaxJ3KyH7JtqX5LLP8HzShlkjT+OgDR98RAZCJ4n/UFeO TwuiwG1jCRmUvM+JkXOlPBU0KQY9mGmsM2MbaHZSGZrDoCUEnFoX469noktm3GDfAU7/ 3Gow8KWVnQo9l/cSxCxVAablVGLjMjfQ3ieCHYJH/2gwsByBTP1mtSIrZC84FdMcmY6a OP7AfR91ShAbqL2UZnrmuwQRTk8sG6y0mlKdwOLdJcLcH/2JTJrGuus45rAF3Rsbu+78 4fSg== X-Gm-Message-State: ANhLgQ2WkdCsMXn+Zwe4VvJN69SID9wBIcsi1TV2l99qb/OWGF6gcqVW C0Mc6VDQ0Pd0HxwJJ3mu6o9fEKWCTL/4/umy0VJKkeb7OXctUKIfcDEKY47qKi2zXK5MYrqDw34 KlYbinivBRNWSgyHoKFFTNbaP6GPDmMzIOVppCto0kjGYqBVhqkythsqQY6dhWcDjkbigZkjUA7 FiUhs= X-Google-Smtp-Source: ADFU+vuw9XAonr9zaEIIv2k7TQrC1qtStlum/0dfP5Ce44yGxFL3y9hpcDXxWkoJmDggxzPwbUQXgw== X-Received: by 2002:a1c:b7d7:: with SMTP id h206mr3982544wmf.143.1585294229212; Fri, 27 Mar 2020 00:30:29 -0700 (PDT) Received: from localhost (dynamic-2a01-0c22-d014-0900-3de3-0cf8-7076-2e04.c22.pool.telefonica.de. [2a01:c22:d014:900:3de3:cf8:7076:2e04]) by smtp.gmail.com with ESMTPSA id o26sm6557164wmc.33.2020.03.27.00.30.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 27 Mar 2020 00:30:28 -0700 (PDT) Date: Fri, 27 Mar 2020 08:30:27 +0100 From: Lars-Dominik Braun To: Ludovic =?iso-8859-1?Q?Court=E8s?= Subject: Re: [bug#39765] Add package JupyterLab Message-ID: <20200327073027.GA4578@zpidnp36> References: <20200224101810.GA9010@zpidnp36> <87d08y915t.fsf@gnu.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="zhXaljGHf11kAtnf" Content-Disposition: inline In-Reply-To: <87d08y915t.fsf@gnu.org> User-Agent: Mutt/1.10.1 (2018-07-13) X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 39765 Cc: 39765@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --zhXaljGHf11kAtnf Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi Ludo, > #2 should be quite easy to address: we could arrange to have that > feature disabled by default, so that users don=E2=80=99t find themselves > unknowingly downloading arbitrary code from npm. it=E2=80=99s =E2=80=9Cdisabled=E2=80=9D by default, because it is considere= d experimental in this version of JupyterLab. But a user can re-enable it. And the last part is entirely client-side, so we cannot disable it completely until we fix #1. > #1 is a showstopper. :-/ I suppose that=E2=80=99s a lot of code that wo= uld > need to be imported from npm, right? `jupyter build` downloads about 600 NPM packages, as far as I remember. > I=E2=80=99ve pushed the first two patches of the series (python-json5 and > python-pytest-check-links). Thank you! > That said, it=E2=80=99s a big patch, so it would be even better if we did= n=E2=80=99t > have to carry it. Will the next version of =E2=80=98notebook=E2=80=99 in= clude it? Does not look like it. The pull request[1] has been open for a few months n= ow. It=E2=80=99s vital to our use-case and (probably) everyone hosting notebook= s, but not very useful to the casual home user. So, executive decision: Do you want it= in guix proper? I=E2=80=99ll just maintain it in my channel[2] otherwise. Lars [1] https://github.com/jupyter/notebook/pull/4835 [2] https://github.com/leibniz-psychology/guix-zpid --zhXaljGHf11kAtnf Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQGzBAABCgAdFiEEyk+M9DfXR4/aBV/UQhN3ARo3hEYFAl59q40ACgkQQhN3ARo3 hEYVigwAiGGFF8X4gArot3ak+ve/UX4rKrLHkMWiFsBBZwIr8EXEHbpqhyTr1zIv 1Nq2nCG2lxbY0V1TEwHsvyn1xPB5GOZFuQVai3OZX2ic+/FS1NtmR1nyjX368ZRW Qnrq3p6rdSZ/1HDlr+XXULMtl4GaC1NVR4Jlu3TOHhRNUlVoeCSTqFwXarIrJJwn DQrkIs+N5xXYi7hSXBdYJiP0SGsFfdFG81QfrHYL+a2dm3J5ndVdaaI3t3lX3Sgq s6H3ehOFc6RmHB0JGeyc0riKWcXtMT1T5es9SC7QFXXXfzXEWX/wwnE9GHAEdAWZ Olc7+sGFQsjzvAkr8dP8Ef0KKrdxrUFs/DY0Yn9CjgmYjWf8NxtO/C62DKHpKYOR Wv+evmPs6f5hoW+yItQpXPRktMMHjTr8QP9OoQ4Q2+11XnptoMasndUCylXgq0fi EQ5k7QuNV3B9X1UjQ+bHHzehF79c2IhkbcfgCU9oJs8rVfCeSqecQbRCBNRCpNtS bxMT+ibh =x8+8 -----END PGP SIGNATURE----- --zhXaljGHf11kAtnf--