Start notebook server in root VCS directory if found.

[mforbes]

I have not fully thought through the implications of this yet, but it could be very handy if nbopen was VCS aware and would start a server at the top level (or a customizable level) of a repository when started in a version controlled project. One particular use case is to include project-specific python_notebook_config.py or python_config.py files in a single location that will automatically apply to notebooks opened within that project. (Presently these will only take effect if ipython is run in the same directory as the config files and I know of no way to specify that config files in preceeding directories should take effect.)

Maybe a good way of doing this would be for nbopen to look for a specific configuration file in the root of a project (either defined as the location of VCS directories like .hg or .git or maybe defined as a top-level python package directory with setup.py. In the latter case, maybe the configuration could be in setup.cfg) which can specify where ipython notebook should be run from or where the configuration files are located (so they don't need to pollute the root directory namespace).

[takluyver]

I'm not sure that finding a VCS root makes sense:

1. The point of nbopen is that you can use it the same way without having to think about whether there's a server already running or not. If launching a new server would start with project customisations, that's not equivalent to using an existing server.
2. I'm somewhat wary of our config files, because they are both executed and can specify code to execute. We've had long and contentious discussions about security, and one principle that has come out is that it should be safe to open an untrusted notebook without it being able to run code (until the user starts explicitly running that code, of course). I think a similar principle goes for repositories - if I clone a repo from somewhere on the internet and double click a notebook, I don't expect that to execute Python code from that repo.

[mforbes]

Is there somewhere we could chat briefely about this (maybe the IPython gitter?). I understandt the concerns, but am trying to find a way for colleagues to easily work with notebooks that have a few extensions (post-save hooks to clean outpt before VCS commiting for example) without complicating their life with installing extensions, running special commands, etc.

[takluyver]

Can they just run ipython notebook in the VCS root manually and access the files through the dashboard? I'm not entirely comfortable with the way it uses a local config file, but it's there for just this use case. I feel like extending that to double clicking on notebooks in a GUI file manager is a step too far in terms of security.

For chatting: feel free to drop into the ipython chat room on gitter. I'm feeling a bit swamped at the moment, though.

[mforbes]

In principle, yes, but in practice, some of my colleagues seem only comfortable clicking on files... so if I want to convert them to using IPython I must make it extremely easy for them. If I do not find a better option, would you accept a PR for an external flag that implements this behaviour? That way, I could register a customize application for them so that when they double click, they get the customized experience, but it would be disabled by default so that only people who explicitly register an application with this flag enabled would see this insecure behaviour.

[takluyver]

In principle, yes, that seems like a reasonable compromise. It will need to be pretty simple, though - nbopen is only about 50 lines of Python code, and I don't want it to grow much bigger. If it can't be made simple enough to merge into nbviewer, you might have to maintain a custom fork.

[mforbes]

Okay. I think this will be a very small change (no more complicated than the check to not walk past the user's home directory). Let me know when you have some time: I would like to chat about a few related things, but there is no hurry.