From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:470:142:3::10]:41474) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jHjSJ-00028D-L8 for guix-patches@gnu.org; Fri, 27 Mar 2020 03:31:05 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1jHjSI-00019q-BN for guix-patches@gnu.org; Fri, 27 Mar 2020 03:31:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:54513) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1jHjSI-00017c-5g for guix-patches@gnu.org; Fri, 27 Mar 2020 03:31:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1jHjSI-00068V-24 for guix-patches@gnu.org; Fri, 27 Mar 2020 03:31:02 -0400 Subject: [bug#39765] Add package JupyterLab Resent-Message-ID: Date: Fri, 27 Mar 2020 08:30:27 +0100 From: Lars-Dominik Braun Message-ID: <20200327073027.GA4578@zpidnp36> References: <20200224101810.GA9010@zpidnp36> <87d08y915t.fsf@gnu.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="zhXaljGHf11kAtnf" Content-Disposition: inline In-Reply-To: <87d08y915t.fsf@gnu.org> List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 39765@debbugs.gnu.org --zhXaljGHf11kAtnf Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi Ludo, > #2 should be quite easy to address: we could arrange to have that > feature disabled by default, so that users don=E2=80=99t find themselves > unknowingly downloading arbitrary code from npm. it=E2=80=99s =E2=80=9Cdisabled=E2=80=9D by default, because it is considere= d experimental in this version of JupyterLab. But a user can re-enable it. And the last part is entirely client-side, so we cannot disable it completely until we fix #1. > #1 is a showstopper. :-/ I suppose that=E2=80=99s a lot of code that wo= uld > need to be imported from npm, right? `jupyter build` downloads about 600 NPM packages, as far as I remember. > I=E2=80=99ve pushed the first two patches of the series (python-json5 and > python-pytest-check-links). Thank you! > That said, it=E2=80=99s a big patch, so it would be even better if we did= n=E2=80=99t > have to carry it. Will the next version of =E2=80=98notebook=E2=80=99 in= clude it? Does not look like it. The pull request[1] has been open for a few months n= ow. It=E2=80=99s vital to our use-case and (probably) everyone hosting notebook= s, but not very useful to the casual home user. So, executive decision: Do you want it= in guix proper? I=E2=80=99ll just maintain it in my channel[2] otherwise. Lars [1] https://github.com/jupyter/notebook/pull/4835 [2] https://github.com/leibniz-psychology/guix-zpid --zhXaljGHf11kAtnf Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQGzBAABCgAdFiEEyk+M9DfXR4/aBV/UQhN3ARo3hEYFAl59q40ACgkQQhN3ARo3 hEYVigwAiGGFF8X4gArot3ak+ve/UX4rKrLHkMWiFsBBZwIr8EXEHbpqhyTr1zIv 1Nq2nCG2lxbY0V1TEwHsvyn1xPB5GOZFuQVai3OZX2ic+/FS1NtmR1nyjX368ZRW Qnrq3p6rdSZ/1HDlr+XXULMtl4GaC1NVR4Jlu3TOHhRNUlVoeCSTqFwXarIrJJwn DQrkIs+N5xXYi7hSXBdYJiP0SGsFfdFG81QfrHYL+a2dm3J5ndVdaaI3t3lX3Sgq s6H3ehOFc6RmHB0JGeyc0riKWcXtMT1T5es9SC7QFXXXfzXEWX/wwnE9GHAEdAWZ Olc7+sGFQsjzvAkr8dP8Ef0KKrdxrUFs/DY0Yn9CjgmYjWf8NxtO/C62DKHpKYOR Wv+evmPs6f5hoW+yItQpXPRktMMHjTr8QP9OoQ4Q2+11XnptoMasndUCylXgq0fi EQ5k7QuNV3B9X1UjQ+bHHzehF79c2IhkbcfgCU9oJs8rVfCeSqecQbRCBNRCpNtS bxMT+ibh =x8+8 -----END PGP SIGNATURE----- --zhXaljGHf11kAtnf--