Hacker News

swframe2 01/22/2025 (1 reply)

When you run their demo locally, there are two places that trigger a warning that the code loads the weights unsafely. To learn more about this issue, search "pytorch model load safety issues" on Google.


Replies

LiamPowell 01/22/2025

I'm sure there are warnings about possibly loading code alongside the weights since they distribute the weights as pickled data, but:

1. It's trivial to go look at what's being loaded.

2. Any code that's in the distributed pickled data is not weights. The GP suggests that there are backdoors hidden in the weights which is nonsensical unless the code runs eval on the weights or something similar, which would make anyone looking at the code immediately realise it was doing something dodgy.

As an example of (1), here's all the GLOBALs in the pickled code:

    GLOBAL     'collections OrderedDict'
    GLOBAL     'torch HalfStorage'
    GLOBAL     'torch._utils _rebuild_tensor_v2'

None of these could be used for anything malicious as far as I know.
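The inspection in (1) can be done without ever unpickling anything. The following is an added example (not the commenter's code and not part of the demo project): it walks the opcode stream with the standard library's pickletools and reports every global the stream would import, then compares that against an allowlist. The allowlist is an assumption built from the three GLOBALs listed above, and the sample pickles are constructed stand-ins for a real weight file.

```python
import datetime
import pickle
import pickletools
import zipfile
from collections import OrderedDict

# Assumed allowlist: exactly the three GLOBALs seen in the demo checkpoint.
# Anything else is reported so a human can look at it before torch.load runs.
ALLOWED_GLOBALS = frozenset({
    ("collections", "OrderedDict"),
    ("torch", "HalfStorage"),
    ("torch._utils", "_rebuild_tensor_v2"),
})
STRING_OPS = {"UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
GET_OPS = {"GET", "BINGET", "LONG_BINGET"}


def list_globals(data: bytes) -> list[tuple[str, str]]:
    """Every (module, name) the pickle would import, found by tokenising only.
    GLOBAL (protocol <= 3) carries both names in its argument; STACK_GLOBAL
    (protocol >= 4) takes the two strings pushed before it, possibly via memo."""
    found, strings, memo, top = [], [], {}, None
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            found.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:
            found.append((strings[-2], strings[-1]))
        elif op.name in STRING_OPS:
            top = arg
            strings.append(arg)
        elif op.name in GET_OPS:                  # string fetched back from the memo
            top = memo.get(arg)
            if top is not None:
                strings.append(top)
        elif op.name == "MEMOIZE":                # implicit index = memo size so far
            memo[len(memo)] = top
        elif op.name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = top
        if op.name not in STRING_OPS | GET_OPS:   # anything else leaves a non-string on top
            top = None
    return found


def disallowed_globals(data: bytes, allowed=ALLOWED_GLOBALS) -> list[tuple[str, str]]:
    """The review step: globals outside the allowlist, in stream order."""
    return [g for g in list_globals(data) if g not in allowed]


def checkpoint_globals(path: str) -> list[tuple[str, str]]:
    """torch.save writes a zip archive; the object graph lives in */data.pkl."""
    with zipfile.ZipFile(path) as zf:
        names = [n for n in zf.namelist() if n.endswith("data.pkl")]
        return [g for n in names for g in list_globals(zf.read(n))]


# Constructed samples (no torch needed): two clean state-dict lookalikes and
# one harmless object whose class simply is not on the allowlist.
CLEAN_P2 = pickle.dumps(OrderedDict(w=[0.5, -0.25]), protocol=2)   # uses GLOBAL
CLEAN_P4 = pickle.dumps(OrderedDict(w=[0.5, -0.25]), protocol=4)   # uses STACK_GLOBAL
UNLISTED = pickle.dumps(datetime.date(2025, 1, 22), protocol=4)

if __name__ == "__main__":
    for label, blob in [("clean p2", CLEAN_P2), ("clean p4", CLEAN_P4), ("unlisted", UNLISTED)]:
        print(label, list_globals(blob), "-> flagged:", disallowed_globals(blob))
```

`checkpoint_globals` is for real `.pt`/`.pth` files saved in the zip format; the samples above exercise only the raw-pickle path.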