by kalinkochnev 55 days ago
Disclaimer: I've never used pytorch and I also know nothing about software security practices.

But I don't see a scenario where pytorch needs network access. It seems wrong that at any level within the codebase I can import any module and use its API.

I think there need to be additional import restrictions or static analysis.

This also seems like languages do not have the right abstractions to talk about this stuff. As a comparison, I like how in rust I can look at the function signature and see the mutability and lifetimes of everything without understanding any of the code underneath.

I feel there needs to be something similar here with dependencies. A dev should be able to audit all their dependencies easily and see "oh, dep X uses eval()" or network access, etc., without looking at any underlying code.

Mobile apps enforce permissions. Shouldn't a dev be able to whitelist certain functionality and not take everything including the kitchen sink?

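A minimal version of the dependency audit the comment above asks for, added here as an example (not code from the commenter or from PyTorch): it parses each dependency's source with Python's `ast` module and reports whether it imports network-capable modules or calls `eval`/`exec`. The sample "dependencies" are constructed inline; a real run would feed it files from `site-packages`, and it would still miss indirection through `__import__`, `getattr`, and C extensions, which is the gap the comment is pointing at.

```python
import ast

# Modules whose import suggests a dependency can reach the network
# (illustrative set, not exhaustive).
NETWORK_MODULES = {"socket", "urllib", "urllib3", "requests", "http", "httpx", "ftplib"}
# Builtins that execute dynamically constructed code.
DYNAMIC_EXEC = {"eval", "exec"}


def audit_source(source: str, filename: str = "<string>") -> dict:
    """Return the capabilities a module's source visibly uses.

    Result shape: {"network": [module, ...], "dynamic_exec": [name, ...]}
    Only direct imports and direct calls are seen; aliasing via
    __import__ or getattr, and compiled extensions, are not detected.
    """
    tree = ast.parse(source, filename=filename)
    network, dynamic = set(), set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                top = alias.name.split(".")[0]
                if top in NETWORK_MODULES:
                    network.add(top)
        elif isinstance(node, ast.ImportFrom) and node.module:
            top = node.module.split(".")[0]
            if top in NETWORK_MODULES:
                network.add(top)
        elif isinstance(node, ast.Call):
            func = node.func
            if isinstance(func, ast.Name) and func.id in DYNAMIC_EXEC:
                dynamic.add(func.id)
    return {"network": sorted(network), "dynamic_exec": sorted(dynamic)}


# Constructed sample "dependencies" standing in for installed packages.
SAMPLE_DEPS = {
    "dep_math": "import math\n\ndef f(x):\n    return math.sqrt(x)\n",
    "dep_downloader": "from urllib.request import urlopen\nimport json\n\n"
                      "def fetch(url):\n    return json.load(urlopen(url))\n",
    "dep_config": "def load(text):\n    return eval(text)\n",
}


def audit_all(deps: dict) -> dict:
    """Audit every dependency and return {name: capabilities}."""
    return {name: audit_source(src, name) for name, src in deps.items()}


if __name__ == "__main__":
    for name, caps in audit_all(SAMPLE_DEPS).items():
        flagged = caps["network"] or caps["dynamic_exec"]
        print(f"{name}: {'FLAG' if flagged else 'ok  '} {caps}")
```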

The python ecosystem will never permit this, but I sure wish this topic was better understood and appreciated within it. I hate to generalize, but the AI dev community in particular seems to favor convenience over every other consideration.

For example, the norm for projects is to happily automatically download large models upon first use. Often you can disable this, but the deep layering of code classes throughout various libraries makes discovering the right parameters a PITA.

It is great that you can bootstrap complex things (toys, more often than not) so painlessly, but I find the permissiveness quite jarring. The first troubleshooting step always seems to be “pip install …”, and some environments (e.g. macOS) don't virtualize GPU access well.

> But I don't see a scenario where pytorch needs network access.

Training models across multiple compute nodes? That’s a big one.