
A few months ago I made a small library to sanitize pytorch checkpoints, here it is: https://github.com/kir-gadjello/safer_unpickle

The usage boils down to

from safer_unpickle import safer_unpickle

safer_unpickle.patch_torch_load()

This overrides the default torch unpickler with a relatively safe one. Hope this helps.
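The allow-list idea behind a patched torch loader, as an added example that is not the library's own code: a `pickle.Unpickler` whose `find_class` refuses any global outside a fixed set, exercised on a state-dict-like `OrderedDict` and on a constructed object that would otherwise resolve and call `os.getcwd` on load. It uses only the standard library; the extra entries a real torch checkpoint needs are an assumption noted in a comment.

```python
import collections
import io
import os
import pickle

# (module, name) pairs a plain state_dict legitimately needs. A real checkpoint
# sanitizer would also allow torch's tensor/storage reconstruction helpers
# (assumption: the exact names depend on the torch version).
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Resolve only allow-listed globals; anything else aborts the load."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"refusing to load global {module}.{name}: not in allow-list"
        )


def safer_loads(data: bytes):
    """Drop-in replacement for pickle.loads with the allow-list applied."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


class CallsOnLoad:
    """Constructed test object: its pickle references os.getcwd, a harmless
    stand-in for any callable a hostile checkpoint could name. A stock
    pickle.load would call it; the restricted loader rejects the GLOBAL."""

    def __reduce__(self):
        return (os.getcwd, ())


def demo():
    """Returns (benign object loaded, whether the constructed payload was rejected)."""
    state_dict = collections.OrderedDict([("layer.weight", [0.1, 0.2])])
    loaded = safer_loads(pickle.dumps(state_dict))
    try:
        safer_loads(pickle.dumps(CallsOnLoad()))
        rejected = False
    except pickle.UnpicklingError:
        rejected = True
    return loaded, rejected


if __name__ == "__main__":
    print(demo())
```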



Sounds like this should be the default. Maybe you can submit a PR to the official Torch repo? There is no reason why a static model checkpoint should be potentially dangerous to run.



