Pickle containing files (PT / CKPT ) - safe to use on repo?

[TheOnlyHolyMoly]

Hello,

probably a question that ya'll know the answer to. Is the standard loading mechanism for pickle files such as embeddings/TI (.pt files) and checkpoints (ckpt files) now so safe that I can just use them without worrying or do I still need to pickle-scan and/or convert externally?

[vladmandic]

it was built-in for a long time, but i've never actually found an attack vector anywhere so currently its disabled. idea of attack via pt/ckpt is more of a theory than anything. if anyone can show me more than theorhetical attack, i'll re-enable it.

in reality, you're at muuuch higher risk due to bad extension and installing extension gives it full rights to do anything it wants (and i've seen some bad ones for sure).