Regardless, the engagees agreed that there was value in continuing the original engagement tasks, which include the following.
- Perform a high-level survey of existing Jupyter documentation with a focus on the security aspects of installation and configuration. Identify gaps and suggest recommendations for improvement.
- Identify common Jupyter deployment use-cases as targets for Jupyter Security Best Practices documentation.
- Write security documentation for as many of these use-cases as time permits.
Three documents were produced from these engagement tasks.
- A summary of all existing Jupyter documentation focused on security aspects of deployment and configuration. This survey was presented to the Jupyter community via Jupyter's Discourse.
- Suggestions for revisions to Jupyter Notebook documentation related to security of a single-user (e.g., laptop) installation.
- Suggestions for revisions to JupyterHub documentation related to security of a single-server / multi-user (e.g., small scientific project) installation.
All documentation produced during this engagement has been published to a GitHub repository.
Concurrent with this Trusted CI engagement, the Jupyter Security Coordination Team began working with the Jupyter Steering Council to address security issues across the Jupyter project as a whole. This effort led to the following milestones.
- Create a high-level Jupyter Security page on the Jupyter.org site.
- Establish a Jupyter Security Subproject, with bi-weekly meetings open to Jupyter community members interested in the various security-related aspects of the project.
- Create a Jupyter Security GitHub repository.
- Start a proposal for a NumFOCUS security committee.
This engagement represents the start of a bigger conversation focused on Jupyter security concerns. It is our hope that the documentation produced by this engagement will be incorporated by Jupyter developers into their project documentation to assist administrators and users in securing their deployments.
