-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security FAQ on the main page? #10
Comments
@fperez have you had a look at the document linked from this post: https://discourse.jupyter.org/t/jupyter-security-related-documentation/10921 it's not about a FAQ but it does provide all by itself (even just because of its length) a sense of how much documentation there is and how it's distributed across various projects. What to do with it? Some thing (a FAQ, or primary clearinghouse, not sure what) that gives people answers to high level questions then a way to delve into details would be great. Trusted CI are taking that security docs census and putting together a synthesis document we'll be taking a look at in the next few weeks, maybe a FAQ can be an aspect of that? Attaching (or including) something like that to the top-level security page seems like a good idea. But for a FAQ we need to know: What are the actual most frequently asked questions? |
Ah, hadn't seen that! It's excellent, albeit a bit overwhelming (in a good way :)... My approach with FAQ-building is to take a more, shall we say, subjective view of the word "frequently" :) I grab any question that I can imagine a user asking, even if it comes up only once, but as long as it illustrates an important point well, I put it in. I do that each semester for my big courses, you can see an example here. In a sense the point of the FAQ is that those questions don't get asked too frequently! By having them in one single, easy to find/search/read location, they prevent the questions from coming up at all. So the FAQ is a bit more of an editorial art than a frequency-collection statistical act, IMO... |
As you are active on GitHub, can I get your thoughts on #7 (and #6 which is the corresponding issue) ? I think that extending the jupyter.org/security page makes a lot of sens, with potentially listing previous security vulnerability and also recognition of all the security researcher that contributed. You know like take Apple as an example and do the opposite. |
Just today there was a nice question sent to the disclosures email address about binder, which @Carreau kindly responded to (thanks!!!) It occurred to me that it would be helpful for the community perhaps to have an easy to find list of these common questions. I know we always have the question of "where does the info go" - for example in this case, should it be in binder itself, or in a central location? But while I know duplication runs the risk of staleness, there's also something to be said for these things being very easy to find in expected locations, which points towards some necessary duplication.
My starting suggestion would be to add to Jupyter Security a FAQ section that starts simply with easy, top-level stuff. If it does grow, we can simply break it down by sub-project, and suggest that in each project's security docs, they simply link back to this page (or the reverse - the FAQ could be links to each project's FAQ section, all identically formatted, I have no strong opinions here).
For reference, the question was, in case we do want to seed this with it -
Q: What happens to the data you can upload when using the try-out version of Jupyter Lab online via Binder?
A: When using binder we do our best to destroy all the data as soon as your session expires. It might stay in the server memory for a few minutes after you close the page in case this is just a temporary drop in the connection but we do not attempt to keep it and do not send it somewhere else. We also do our best to make sure users of binder cannot infer information about each other while connected.
Though if you are working with sensitive data, we do recommend working with caution, and either host your own binder or a different service.
Keep also in mind that binder can also run images that are not provided by the Jupyter team, and that for those images we cannot make guarantees about their behavior.
The text was updated successfully, but these errors were encountered: