GNU bug report logs - #39765
Add package JupyterLab

Previous Next

Full log

Message #11 received at 39765 <at> debbugs.gnu.org (full text, mbox):

From: Lars-Dominik Braun <ldb <at> leibniz-psychology.org>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 39765 <at> debbugs.gnu.org
Subject: Re: [bug#39765] Add package JupyterLab
Date: Fri, 27 Mar 2020 08:30:27 +0100

[Message part 1 (text/plain, inline)]

Hi Ludo,

> #2 should be quite easy to address: we could arrange to have that
> feature disabled by default, so that users don’t find themselves
> unknowingly downloading arbitrary code from npm.
it’s “disabled” by default, because it is considered experimental in this
version of JupyterLab. But a user can re-enable it. And the last part is
entirely client-side, so we cannot disable it completely until we fix #1.

> #1 is a showstopper.  :-/  I suppose that’s a lot of code that would
> need to be imported from npm, right?
`jupyter build` downloads about 600 NPM packages, as far as I remember.

> I’ve pushed the first two patches of the series (python-json5 and
> python-pytest-check-links).
Thank you!

> That said, it’s a big patch, so it would be even better if we didn’t
> have to carry it.  Will the next version of ‘notebook’ include it?
Does not look like it. The pull request[1] has been open for a few months now.
It’s vital to our use-case and (probably) everyone hosting notebooks, but not
very useful to the casual home user. So, executive decision: Do you want it in
guix proper? I’ll just maintain it in my channel[2] otherwise.

Lars

[1] https://github.com/jupyter/notebook/pull/4835
[2] https://github.com/leibniz-psychology/guix-zpid

[signature.asc (application/pgp-signature, inline)]

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.