GNU bug report logs - #39765
Add package JupyterLab

Previous Next

Full log

View this message in rfc822 format

From: Ludovic Courtès <ludo <at> gnu.org>
To: Lars-Dominik Braun <ldb <at> leibniz-psychology.org>
Cc: 39765 <at> debbugs.gnu.org
Subject: [bug#39765] Add package JupyterLab
Date: Sun, 29 Mar 2020 16:37:11 +0200

Hi,

Lars-Dominik Braun <ldb <at> leibniz-psychology.org> skribis:

>> #2 should be quite easy to address: we could arrange to have that
>> feature disabled by default, so that users don’t find themselves
>> unknowingly downloading arbitrary code from npm.
> it’s “disabled” by default, because it is considered experimental in this
> version of JupyterLab. But a user can re-enable it. And the last part is
> entirely client-side, so we cannot disable it completely until we fix #1.
>
>> #1 is a showstopper.  :-/  I suppose that’s a lot of code that would
>> need to be imported from npm, right?
> `jupyter build` downloads about 600 NPM packages, as far as I remember.

OK.

>> That said, it’s a big patch, so it would be even better if we didn’t
>> have to carry it.  Will the next version of ‘notebook’ include it?
> Does not look like it. The pull request[1] has been open for a few months now.
> It’s vital to our use-case and (probably) everyone hosting notebooks, but not
> very useful to the casual home user. So, executive decision: Do you want it in
> guix proper? I’ll just maintain it in my channel[2] otherwise.

(It’s not about what I personally want or don’t want, of course.  :-))
In general, the guideline is to have patches that are either included
upstream, just not in a published release, or are Guix-specific and thus
are not meant to be included upstream.

This patch doesn’t seem to fall in any of these two categories, so I
would prefer not to have it, at least not until upstream has included
it.

WDYT?

Thanks,
Ludo’.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.