I just wanted to add to this a big thank you to Rollin, Rick and others who stepped up to organize a more public/structured effort on this topic. For years many on the team have done a quiet but intense amount of work handling security concerns (@carreau, @minrk, @takluyver deserve special kudos for lots of fast-response events!), but we really need to have a more visible and understandable landing point for this topic.
Everyone interested in this topic should feel free to ping here, or open issues in the repo, to start participating! This is not a closed effort, quite the opposite, so we hope nobody feels left out. We simply jumped on the opportunity that Rollin came to the Friday governance call and decided to quickly put up the scaffolding (github repo and team, and this thread) for others to aggregate.
Thanks again, both to all who have done so much hard in the past, and to Rollin and Rick for stepping up now.
We look forward to the upcoming Jupyter Community Workshop on Security as a great rallying point for all interested parties. They will follow up with more details.