Spawner detail list: updates from code review

- Thanks @willingc
jupyterhub · Aug 8, 2018 · d4e21f4 · d4e21f4
1 parent a696601
commit d4e21f4
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -90,7 +90,11 @@ Unless otherwise stated for a specific spawner, assume that spawners
 *do* evaluate shell environment for users and thus the [security
 requriemnts of JupyterHub security for untrusted
 users](https://jupyterhub.readthedocs.io/en/stable/reference/websecurity.html)
-are not fulfilled.  This is something which we are working on.
+are not fulfilled because some (most?) spawners *do* start a user
+shell which will execute arbitrary user environment configuration
+(``.profile``, ``.bashrc`` and the like) unless users do not have
+access to their own cluster user account.  This is something which we
+are working on.
 
 
 ## Provide different configurations of BatchSpawner

diff --git a/SPAWNERS.md b/SPAWNERS.md
@@ -42,8 +42,13 @@ Maintainers:
 
 # Checklist for making spawners
 
+Please document each of these things under the spawner list above, -
+even if it is "OK", we need to track status of all spawners.  If it is
+a bug, users really need to know.
+
 - Does your spawner read shell environment before starting?  (See
-  [Jupyterhub Security](https://jupyterhub.readthedocs.io/en/stable/reference/websecurity.html).
+  [Jupyterhub
+  Security](https://jupyterhub.readthedocs.io/en/stable/reference/websecurity.html).
 
 - Does your spawner send SIGTERM to the jupyterhub-singleuser process
   before SIGKILL?  It should, so that the process can terminate