Closed wllhf closed 3 months ago
@wllhf Thanks for the positive feedback.
It inherits the behaviour of "SentenceTransformers": it will automatically filter certain files and, AFAIK, not download the jaxformers weights / rustformers etc. Also, the default behaviour is --trust_remote_code=True in the infinity cli.
I think if you were to modify the safetensors only, you would shrink your attack vector against various other man-in-the-middle attacks only slightly. It's only useful for slightly increased security when you're testing out 10s/100s of models.
Here are 2 security suggestions from an MLE, if the project is a high security one:
huggingface_hub has also an offline mode env variable.
@wllhf Does this solve the question for you?
Yes. Thanks!
I'm really grateful for infinity! Thanks a lot! We are thinking about using it in a project with high security demands. Is it possible somehow to only load models via safetensors (or other safe formats) and exclude loading pickled weights? Is there a way of knowing which format was used for loading when starting up a model via Infinity?
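One way to get what the question asks for, building on the reply's hint about the huggingface_hub offline mode: fetch the snapshot with safetensors-only allow/ignore patterns, then inspect the cached directory before the server loads it, so you know which weight format is on disk and can refuse pickled weights (and, since the cli defaults to --trust_remote_code=True, refuse custom model code too). This is an added example, not code from the infinity project; the `check_safetensors_only` and `classify_snapshot` helpers, the suffix lists and the two constructed snapshot directories are assumptions made here. The pattern lists are shaped for `huggingface_hub.snapshot_download(allow_patterns=..., ignore_patterns=...)`, and `HF_HUB_OFFLINE` / `TRANSFORMERS_OFFLINE` are the real environment variables that stop the Hub from being contacted at all.

```python
"""Pre-flight check for a locally cached Hugging Face model snapshot.

Added example, not code from the infinity project. It assumes the model has
already been fetched (e.g. with huggingface_hub.snapshot_download using the
allow/ignore patterns below) and checks what is actually on disk before the
server loads it.
"""
import tempfile
from pathlib import Path

# Suffixes loaded via torch.load / pickle; unpickling can execute arbitrary code.
PICKLE_SUFFIXES = {".bin", ".pt", ".pth", ".ckpt", ".pkl"}
# Suffix of the non-executable tensor container.
SAFE_SUFFIXES = {".safetensors"}

# Pattern lists usable as snapshot_download(allow_patterns=..., ignore_patterns=...):
# only safetensors weights plus config/tokenizer text files are fetched.
SAFETENSORS_ONLY_ALLOW = ["*.safetensors", "*.json", "*.txt", "*.model"]
SAFETENSORS_ONLY_IGNORE = ["*.bin", "*.pt", "*.pth", "*.ckpt", "*.pkl", "*.msgpack", "*.h5"]

# Environment that keeps huggingface_hub / transformers from reaching the Hub at all.
OFFLINE_ENV = {"HF_HUB_OFFLINE": "1", "TRANSFORMERS_OFFLINE": "1"}


def classify_snapshot(model_dir):
    """Return which weight formats and custom-code files are present in model_dir."""
    root = Path(model_dir)
    found = {"safetensors": [], "pickle": [], "remote_code": []}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = str(path.relative_to(root))
        if path.suffix in SAFE_SUFFIXES:
            found["safetensors"].append(rel)
        elif path.suffix in PICKLE_SUFFIXES:
            found["pickle"].append(rel)
        elif path.suffix == ".py":
            # modeling_*.py / configuration_*.py is what trust_remote_code=True executes.
            found["remote_code"].append(rel)
    return found


def check_safetensors_only(model_dir, allow_remote_code=False):
    """Raise RuntimeError unless the snapshot can be loaded without unpickling.

    Returns the classification so the caller can log which format will be used.
    """
    found = classify_snapshot(model_dir)
    if found["pickle"]:
        raise RuntimeError(f"pickled weights present, refusing to load: {found['pickle']}")
    if not found["safetensors"]:
        raise RuntimeError("no *.safetensors weights found in snapshot")
    if found["remote_code"] and not allow_remote_code:
        raise RuntimeError(f"custom model code present, refusing to load: {found['remote_code']}")
    return found


def _make_snapshot(root, names):
    """Create a constructed snapshot directory with empty placeholder files (test data)."""
    d = Path(root)
    for name in names:
        p = d / name
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"")
    return d


def demo():
    """Run the check over two constructed snapshots; returns (ok_result, rejection_reason)."""
    with tempfile.TemporaryDirectory() as tmp:
        clean = _make_snapshot(Path(tmp) / "clean",
                               ["config.json", "model.safetensors", "tokenizer.json"])
        mixed = _make_snapshot(Path(tmp) / "mixed",
                               ["config.json", "pytorch_model.bin", "model.safetensors"])
        ok = check_safetensors_only(clean)
        try:
            check_safetensors_only(mixed)
            rejected = None
        except RuntimeError as exc:
            rejected = str(exc)
    return ok, rejected


if __name__ == "__main__":
    ok, rejected = demo()
    print("clean snapshot loads from:", ok["safetensors"])
    print("mixed snapshot rejected:", rejected)
```

The check is deliberately strict: a snapshot that ships both `pytorch_model.bin` and `model.safetensors` is rejected rather than trusting the loader to prefer the safe file, because which one a given library picks is an implementation detail you do not control. Run the server with `OFFLINE_ENV` exported so a later restart cannot silently pull a different revision.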