Complete security policy with mentions of remote code #29707
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
The docs for this PR live here. All of your documentation changes will be reflected on that endpoint. The docs are available until 30 days after the last update. |
McPatate
reviewed
Mar 18, 2024
SECURITY.md
Outdated
| by the transformers library), as developed specifically to prevent code execution in your runtime. | ||
|
|
||
| Transformers will default to downloading models in this format if available, but will get other formats available | ||
| if `safetensors` isn't available. You can force this format by using the `use_safetensors` parameter. |
There was a problem hiding this comment.
I would rephrase this to say something like "if you want to avoid loading pickle files, you can use the use_safetenstors parameter. In the event that no .safetensors file is present, transformers will error when loading the model"
| are defined within the model repositories on the Hugging Face Hub. | ||
|
|
||
| These models require the `trust_remote_code=True` parameter to be set when using them; please **always** verify | ||
| the content of the modeling files when using this argument. We recommend setting a revision in order to ensure you |
There was a problem hiding this comment.
We could add a link to the function parameter that allows to pass a fixed revision
|
+1. Nice work |
LysandreJik
commented
Mar 20, 2024
Co-authored-by: Luc Georges <McPatate@users.noreply.github.com> Co-authored-by: Michelle Habonneau <83347449+Michellehbn@users.noreply.github.com>
1 task
diogoteles08
suggested changes
Mar 20, 2024
Co-authored-by: Diogo Teles Sant'Anna <diogoteles@google.com>
hovnatan
pushed a commit
to hovnatan/transformers
that referenced
this pull request
Mar 27, 2024
) * Security policy * Apply suggestions from code review Co-authored-by: Luc Georges <McPatate@users.noreply.github.com> Co-authored-by: Michelle Habonneau <83347449+Michellehbn@users.noreply.github.com> * Update SECURITY.md Co-authored-by: Diogo Teles Sant'Anna <diogoteles@google.com> --------- Co-authored-by: Luc Georges <McPatate@users.noreply.github.com> Co-authored-by: Michelle Habonneau <83347449+Michellehbn@users.noreply.github.com> Co-authored-by: Diogo Teles Sant'Anna <diogoteles@google.com>
itazap
pushed a commit
that referenced
this pull request
May 14, 2024
* Security policy * Apply suggestions from code review Co-authored-by: Luc Georges <McPatate@users.noreply.github.com> Co-authored-by: Michelle Habonneau <83347449+Michellehbn@users.noreply.github.com> * Update SECURITY.md Co-authored-by: Diogo Teles Sant'Anna <diogoteles@google.com> --------- Co-authored-by: Luc Georges <McPatate@users.noreply.github.com> Co-authored-by: Michelle Habonneau <83347449+Michellehbn@users.noreply.github.com> Co-authored-by: Diogo Teles Sant'Anna <diogoteles@google.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.