Lines Matching +full:pr +full:- +full:dependencies +full:- +full:check
3 - [**Reporting a Vulnerability**](#reporting-a-vulnerability)
4 - [**Using PyTorch Securely**](#using-pytorch-securely)
5 - [Untrusted models](#untrusted-models)
6 - [Untrusted inputs](#untrusted-inputs)
7 - [Data privacy](#data-privacy)
8 - [Using distributed features](#using-distributed-features)
9 - [**CI/CD security principles**](#cicd-security-principles)
12 Beware that none of the topics under [Using PyTorch Securely](#using-pytorch-securely) are consider…
24 …-- running untrusted models is equivalent to running untrusted code. In general we recommend that …
27 …ted by unknown developers or utilizing data obtained from unknown sources[^data-poisoning-sources].
29 …ind further details and instructions in [this page](https://developers.google.com/code-sandboxing).
…dge even though it offers a significantly larger attack surface. Loading an untrusted checkpoint wi…
37 [^data-poisoning-sources]: To understand risks of utilization of data from unknown sources, read th…
46 - Pre-analysis: check how the model performs by default when exposed to prompt injection (e.g. usin…
47 - Input Sanitization: Before feeding data to the model, sanitize inputs rigorously. This involves tec…
48 - Validation: Enforce strict rules on allowed characters and data types.
49 - Filtering: Remove potentially malicious scripts or code fragments.
50 - Encoding: Convert special characters into safe representations.
51 …- Verification: Run tooling that identifies potential script injections (e.g. [models that detect …
55 …sensitive data**. Prioritize [sandboxing](https://developers.google.com/code-sandboxing) your mode…
56 - Do not feed sensitive data to an untrusted model (even if it runs in a sandboxed environment)
57 - If you consider publishing a model that was partially trained with sensitive data, be aware that …
70 …e misuse. To prevent this, we require workflow run approval for PRs from non-member contributors. …
72 …-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches) are …
…-public information and should not be published for use by a general audience. One should not have a…
76 …Torch relies heavily on Docker to pre-build and pre-install the dependencies. To prevent a potenti…
78 …lity and more efficient resource utilization, some of the CI runners are non-ephemeral, i.e., work…
83 …- All binary builds/upload jobs must be run on ephemeral runners, i.e., on a machine that is alloc…
84 …- All binary builds are cold-start builds, i.e., distributed caching/incremental builds are not pe…
…- All upload jobs are executed in [deployment environments](https://docs.github.com/en/actions/d…
86 …- Security credentials needed to upload binaries to PyPI/conda or stable indexes `download.pytorch…
87 …- No binary artifacts should be published to GitHub releases pages, as these are overwritable by a…