I hope this gets a lot more attention. De-pickling objects is as dangerous as running random Python code, for example when installing packages from PyPI. But the malicious pickle route is probably not checked as often as the malicious package route.
Pure-data formats like GGUF are better for this. (Though it's somewhat a shame that Yet Another Binary Format for Matrices is invented, it's nice in that it doesn't have the hairy dependencies of HDF5)
1 comment
[ 2.2 ms ] story [ 13.8 ms ] threadPure-data formats like GGUF are better for this. (Though it's somewhat a shame that Yet Another Binary Format for Matrices is invented, it's nice in that it doesn't have the hairy dependencies of HDF5)