Add security warning about the from_pretrained() method (#18801)

* Add security warning about from_pretrained() method * Add sentence about malware scanner Co-authored-by: Julien Chaumond <julien@huggingface.co>

Add security warning about the from_pretrained() method (#18801)
* Add security warning about from_pretrained() method * Add sentence about malware scanner Co-authored-by: Julien Chaumond <julien@huggingface.co>
80367cd1 · lewtun · GitHub · 7e7f7434 · 80367cd1
Unverified Commit 80367cd1 authored Aug 31, 2022 by lewtun Committed by GitHub Aug 31, 2022
Show whitespace changes
Inline Side-by-side

Showing with 7 additions and 1 deletion

docs/source/en/autoclass_tutorial.mdx docs/source/en/autoclass_tutorial.mdx +7 -1

No files found.
--- a/docs/source/en/autoclass_tutorial.mdx
+++ b/docs/source/en/autoclass_tutorial.mdx
@@ -12,7 +12,7 @@ specific language governing permissions and limitations under the License.

 # Load pretrained instances with an AutoClass

-With so many different Transformer architectures, it can be challenging to create one for your checkpoint. As a part of 🤗 Transformers core philosophy to make the library easy, simple and flexible to use, an `AutoClass` automatically infer and load the correct architecture from a given checkpoint. The `from_pretrained` method lets you quickly load a pretrained model for any architecture so you don't have to devote time and resources to train a model from scratch. Producing this type of checkpoint-agnostic code means if your code works for one checkpoint, it will work with another checkpoint - as long as it was trained for a similar task - even if the architecture is different.
+With so many different Transformer architectures, it can be challenging to create one for your checkpoint. As a part of 🤗 Transformers core philosophy to make the library easy, simple and flexible to use, an `AutoClass` automatically infer and load the correct architecture from a given checkpoint. The `from_pretrained()` method lets you quickly load a pretrained model for any architecture so you don't have to devote time and resources to train a model from scratch. Producing this type of checkpoint-agnostic code means if your code works for one checkpoint, it will work with another checkpoint - as long as it was trained for a similar task - even if the architecture is different.

 <Tip>

@@ -95,6 +95,12 @@ Easily reuse the same checkpoint to load an architecture for a different task:
 >>> model = AutoModelForTokenClassification.from_pretrained("distilbert-base-uncased")
 ```

+<Tip warning={true}>
+
+For PyTorch models, the `from_pretrained()` method uses `torch.load()` which internally uses `pickle` and is known to be insecure. In general, never load a model that could have come from an untrusted source, or that could have been tampered with. This security risk is partially mitigated for public models hosted on the Hugging Face Hub, which are [scanned for malware](https://huggingface.co/docs/hub/security-malware) at each commit. See the [Hub documentation](https://huggingface.co/docs/hub/security) for best practices like [signed commit verification](https://huggingface.co/docs/hub/security-gpg#signing-commits-with-gpg) with GPG.
+
+</Tip>
+
 Generally, we recommend using the `AutoTokenizer` class and the `AutoModelFor` class to load pretrained instances of models. This will ensure you load the correct architecture every time. In the next [tutorial](preprocessing), learn how to use your newly loaded tokenizer, feature extractor and processor to preprocess a dataset for fine-tuning.
 </pt>
 <tf>