Replies: 2 comments
-
Hi, thanks for your question: Here is a discussion where I dive a bit more into specifics: Let me know if something is unclear. Cheers!
-
Basically, loading a pickle file allows arbitrary code execution. Safetensors doesn't allow this as it's pure data, just like an image.
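The contrast drawn in that reply, shown as an added example that is not part of the discussion or of the safetensors project's own code: a minimal reader and writer for the safetensors container (assumed layout: an 8-byte little-endian u64 header length, a UTF-8 JSON header mapping tensor names to `dtype`, `shape` and `data_offsets`, then one flat byte buffer), next to a static opcode scan of a pickle stream. The dtype table, the sample tensors, the `_with_header` tamper helper and the `demo` function are constructed for this example.

```python
import collections
import json
import pickle
import pickletools
import struct

# Element size per dtype tag. Assumption: only the tags this example needs.
DTYPE_SIZE = {"F32": 4, "F16": 2, "BF16": 2, "I64": 8, "I32": 4, "U8": 1, "BOOL": 1}


def _nbytes(dtype, shape):
    """Bytes a tensor of this dtype and shape must occupy; rejects unknown tags and bad dims."""
    if dtype not in DTYPE_SIZE:
        raise ValueError(f"unknown dtype {dtype!r}")
    if not all(isinstance(d, int) and d >= 0 for d in shape):
        raise ValueError(f"bad shape {shape!r}")
    n = DTYPE_SIZE[dtype]
    for d in shape:
        n *= d
    return n


def write_safetensors(tensors, metadata=None):
    """tensors: {name: (dtype, shape, raw_bytes)}. Returns the file bytes."""
    header, buf = {}, bytearray()
    if metadata:
        header["__metadata__"] = dict(metadata)
    for name, (dtype, shape, raw) in tensors.items():
        if len(raw) != _nbytes(dtype, shape):
            raise ValueError(f"{name}: payload size does not match dtype*shape")
        begin = len(buf)
        buf += raw
        header[name] = {"dtype": dtype, "shape": list(shape), "data_offsets": [begin, len(buf)]}
    hjson = json.dumps(header).encode("utf-8")
    return struct.pack("<Q", len(hjson)) + hjson + bytes(buf)


def read_safetensors(blob, max_header=100 * 1024 * 1024):
    """Parse and validate a safetensors blob; returns {name: (dtype, shape, raw_bytes)}.

    Every step is a bounds-checked slice or a JSON decode. The file never names a
    module, class or function, so there is nothing for the loader to execute."""
    if len(blob) < 8:
        raise ValueError("truncated length prefix")
    (n,) = struct.unpack("<Q", blob[:8])
    if n > max_header or 8 + n > len(blob):
        raise ValueError("header length out of range")
    header = json.loads(blob[8:8 + n].decode("utf-8"))
    if not isinstance(header, dict):
        raise ValueError("header must be a JSON object")
    data = blob[8 + n:]
    regions, out = [], {}
    for name, info in header.items():
        if name == "__metadata__":
            if not (isinstance(info, dict) and all(isinstance(k, str) and isinstance(v, str) for k, v in info.items())):
                raise ValueError("__metadata__ must map str -> str")
            continue
        dtype, shape, offsets = info["dtype"], info["shape"], info["data_offsets"]
        if len(offsets) != 2 or not all(isinstance(o, int) for o in offsets):
            raise ValueError(f"{name}: bad data_offsets")
        begin, end = offsets
        if not 0 <= begin <= end <= len(data) or end - begin != _nbytes(dtype, shape):
            raise ValueError(f"{name}: offsets exceed the buffer or disagree with dtype*shape")
        regions.append((begin, end))
        out[name] = (dtype, list(shape), bytes(data[begin:end]))
    # This validator also requires the regions to tile the buffer exactly (no gaps,
    # overlaps or trailing bytes), so unreferenced payload cannot ride along in the file.
    cursor = 0
    for begin, end in sorted(regions):
        if begin != cursor:
            raise ValueError("tensor regions must be contiguous")
        cursor = end
    if cursor != len(data):
        raise ValueError("trailing bytes after the last tensor")
    return out


# Pickle opcodes that make the unpickler import a name or call something.
# A stream holding only literals, lists and dicts contains none of them.
_EXECUTING_OPS = {"GLOBAL", "STACK_GLOBAL", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX", "REDUCE", "BUILD"}


def pickle_executing_opcodes(payload):
    """Static scan with pickletools (never calls pickle.loads): sorted names of code-running opcodes present."""
    return sorted({op.name for op, _, _ in pickletools.genops(payload) if op.name in _EXECUTING_OPS})


def _with_header(blob, mutate):
    """Re-serialise blob after mutate(header_dict); only used to build a bad input for the demo."""
    (n,) = struct.unpack("<Q", blob[:8])
    header = json.loads(blob[8:8 + n])
    mutate(header)
    hjson = json.dumps(header).encode("utf-8")
    return struct.pack("<Q", len(hjson)) + hjson + blob[8 + n:]


def demo():
    # Constructed sample: a 2x2 float32 weight and a 2-element int64 bias.
    tensors = {
        "w": ("F32", [2, 2], struct.pack("<4f", 1.0, 2.0, 3.0, 4.0)),
        "b": ("I64", [2], struct.pack("<2q", 5, 6)),
    }
    blob = write_safetensors(tensors, {"format": "pt"})
    roundtrip_ok = read_safetensors(blob) == tensors

    def oversize(h):  # header claims a region far past the end of the buffer
        h["w"]["data_offsets"] = [0, 10 ** 9]

    try:
        read_safetensors(_with_header(blob, oversize))
        tampered_rejected = False
    except ValueError:
        tampered_rejected = True
    plain = pickle_executing_opcodes(pickle.dumps({"w": [1.0, 2.0]}, protocol=4))
    with_object = pickle_executing_opcodes(pickle.dumps(collections.OrderedDict(), protocol=4))
    return roundtrip_ok, tampered_rejected, plain, with_object


if __name__ == "__main__":
    print(demo())
```

The safetensors side never does more than decode JSON and slice bytes, which is the whole reason the format is "pure data": a malformed header can only make the loader raise, not run anything. The pickle side shows the opposite property on an ordinary, benign object: pickling even an empty `OrderedDict` emits `STACK_GLOBAL` and `REDUCE`, opcodes that instruct the unpickler to import a name and call it, and a scan for those opcodes is a detection you can run without ever loading the file.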
-
Hello,
I was trying to understand why safetensors are considered safe.
On a very high level - it maps the tensors into safetensor data structure and writes the data in bytes format and its metadata information and deserializes accordingly. No encryption/checksum/cryptography is involved, I think.
I was wondering if you could please kindly help me understand why it is considered safe. I would really appreciate it.