Discussion: Rethinking notebook cell types

[fcollonval]

This topic is one of the output from the Jupyter Community Workshop on the notebook file format.

This is an issue to synchronize and invite any interested body to take part to the discussion of the major new file format structure.

A weekly call has been set up for Tuesday 8:00 AM Pacific Time - Zoom meeting.
The meeting notes are available: https://hackmd.io/hHW8k7mKS5qFBhxnFtVTCw

The notes from the workshop are available at https://docs.google.com/document/d/1DMMUOYEhFxoAEKITOrCUK9x0vkTy68mfZ9clof3UrMc

[willingc]

Thanks for posting @fcollonval. FYI @MSeal @rgbkrk.

[agoose77]

I won't be able to make this week's meeting! I hope it proves fruitful :)

[krassowski]

I just wanted to highlight that any changes here would ideally consider what should happen to trust. Currently nbformat only allows for transient trusted metadata to be declared on code cells which means that:

• markdown cells are never trusted and always sanitised (which is part of current Notebook security model)
• new interfaces like JupyterLab for a long time had trouble producing a JSON dump satisfying nbformat, which lead to trust being wrongly lost as signatures were changing upon reformatting by nbformat (that was done in the background)

Two previously proposed ideas on improving trust/signature mechanism are:

• split current "catch all" signature into multiple certificates (Should kernel info be included in notebook signature computation? nbformat#296 (comment)):
  • one for integrity of the document ("this notebook was not modified")
  • another mechanism for trusting outputs of cells (or maybe cells in general)
• implement granular per-cell, per-MIME type trust metadata (Markdown cells break notebook trust jupyterlab/jupyterlab#12889 (comment)) for example accommodating for users who may want to trust all CSS and HTML but not JS (especially relevant for more powerful markdown cells that would blend some of the distinctions); this could look like trust: ['text/markdown', 'text/html', 'text/my-custom-language']

[echarles]

markdown cells are never trusted and always sanitised (which is part of current Notebook security model)

jupyterlab-myst has now the ability to evaluate python/kernel code inserted into markdown cells, and overrides the default notary handler to deal with that. The evolution should imho add trust notion to any cell (code, markdown or any type that would come)