Merge pull request #21 from Gastron/patch-1

pplantinga · web-flow · commit a230105d5ede · 2023-12-13T09:44:21.000-05:00
Add a security note in the README
diff --git a/README.md b/README.md
@@ -17,6 +17,12 @@ up python files for data analysis to just the bare algorithm.
 * [How to use HyperPyYAML](#how-to-use-hyperpyyaml)
 * [Conclusion](#conclusion)
 
+### Security note
+Loading HyperPyYAML allows arbitrary code execution. 
+This is a feature: HyperPyYAML allows you to construct *anything* and *everything*
+you need in your experiment.
+However, take care to verify any untrusted recipes' YAML files just as you would verify the Python code.
+
 YAML basics
 -----------
 
