enhancement-proposals icon indicating copy to clipboard operation
enhancement-proposals copied to clipboard

Published 20 hours ago verified publisher icon jupyter

Discussion: Rethinking notebook cell types

Open fcollonval opened this issue 1 year ago • 4 comments

This topic is one of the output from the Jupyter Community Workshop on the notebook file format.

This is an issue to synchronize and invite any interested body to take part to the discussion of the major new file format structure.

A weekly call has been set up for Tuesday 8:00 AM Pacific Time - Zoom meeting. The meeting notes are available: https://hackmd.io/hHW8k7mKS5qFBhxnFtVTCw

The notes from the workshop are available at https://docs.google.com/document/d/1DMMUOYEhFxoAEKITOrCUK9x0vkTy68mfZ9clof3UrMc

fcollonval avatar Mar 06 '23 13:03 fcollonval

Thanks for posting @fcollonval. FYI @MSeal @rgbkrk.

willingc avatar Mar 10 '23 06:03 willingc

I won't be able to make this week's meeting! I hope it proves fruitful :)

agoose77 avatar Mar 21 '23 11:03 agoose77

I just wanted to highlight that any changes here would ideally consider what should happen to trust. Currently nbformat only allows for transient trusted metadata to be declared on code cells which means that:

  • markdown cells are never trusted and always sanitised (which is part of current Notebook security model)
  • new interfaces like JupyterLab for a long time had trouble producing a JSON dump satisfying nbformat, which lead to trust being wrongly lost as signatures were changing upon reformatting by nbformat (that was done in the background)

Two previously proposed ideas on improving trust/signature mechanism are:

  • split current "catch all" signature into multiple certificates (https://github.com/jupyter/nbformat/issues/296#issuecomment-1232104286):
    • one for integrity of the document ("this notebook was not modified")
    • another mechanism for trusting outputs of cells (or maybe cells in general)
  • implement granular per-cell, per-MIME type trust metadata (https://github.com/jupyterlab/jupyterlab/issues/12889#issuecomment-1435993926) for example accommodating for users who may want to trust all CSS and HTML but not JS (especially relevant for more powerful markdown cells that would blend some of the distinctions); this could look like trust: ['text/markdown', 'text/html', 'text/my-custom-language']

krassowski avatar Apr 09 '23 17:04 krassowski

markdown cells are never trusted and always sanitised (which is part of current Notebook security model)

jupyterlab-myst has now the ability to evaluate python/kernel code inserted into markdown cells, and overrides the default notary handler to deal with that. The evolution should imho add trust notion to any cell (code, markdown or any type that would come)

echarles avatar Apr 09 '23 17:04 echarles