Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

You will get more users if you provide a safetensors file instead of bin and pickletensors a lot of people have gotten really scared by the malware scare that was going through social media a few months ago.


Thank you for note on this. I had not heard there were already trojan horse malware being slipped into tensor files as python scripts. Apparently torch pickle uses eval on the tensor file with no filter.

Heard surprisingly little commentary on this topic. The full explanation of how Safetensors are "Safe" can be found from the developer at: https://github.com/huggingface/safetensors/discussions/111


also safetensors security audit: https://huggingface.co/blog/safetensors-security-audit


And for a good reason. A big hunk of floating-point numbers really shouldn't be able to execute arbitrary code. Or any code at all.


I would also ask that sha hashes are posted somewhere. It annoys me to know end how difficult it can be to confirm you are using the real model.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: