Spawner detail list: updates from code review

rkdarst · rkdarst · commit d4e21f493787 · 2018-08-08T10:54:47.000+03:00
- Thanks @willingc
diff --git a/README.md b/README.md
@@ -90,7 +90,11 @@ Unless otherwise stated for a specific spawner, assume that spawners
 *do* evaluate shell environment for users and thus the [security
 requriemnts of JupyterHub security for untrusted
 users](https://jupyterhub.readthedocs.io/en/stable/reference/websecurity.html)
-are not fulfilled.  This is something which we are working on.
+are not fulfilled because some (most?) spawners *do* start a user
+shell which will execute arbitrary user environment configuration
+(``.profile``, ``.bashrc`` and the like) unless users do not have
+access to their own cluster user account.  This is something which we
+are working on.
 
 
 ## Provide different configurations of BatchSpawner
diff --git a/SPAWNERS.md b/SPAWNERS.md
@@ -42,8 +42,13 @@ Maintainers:
 
 # Checklist for making spawners
 
+Please document each of these things under the spawner list above, -
+even if it is "OK", we need to track status of all spawners.  If it is
+a bug, users really need to know.
+
 - Does your spawner read shell environment before starting?  (See
-  [Jupyterhub Security](https://jupyterhub.readthedocs.io/en/stable/reference/websecurity.html).
+  [Jupyterhub
+  Security](https://jupyterhub.readthedocs.io/en/stable/reference/websecurity.html).
 
 - Does your spawner send SIGTERM to the jupyterhub-singleuser process
   before SIGKILL?  It should, so that the process can terminate
