security : add note about RPC and server functionality (#13061)

author Georgi Gerganov <redacted>

Tue, 22 Apr 2025 13:16:10 +0000 (16:16 +0300)

committer GitHub <redacted>

Tue, 22 Apr 2025 13:16:10 +0000 (16:16 +0300)
author Georgi Gerganov <redacted>
Tue, 22 Apr 2025 13:16:10 +0000 (16:16 +0300)
committer GitHub <redacted>
Tue, 22 Apr 2025 13:16:10 +0000 (16:16 +0300)
diff --git a/SECURITY.md b/SECURITY.md

index 6a1bb6c32cd8ef8059232d803a6ad2c66f905661..9370fb1a8832143b3faa9aa8f44edc47f6816f8e 100644 (file)
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -40,7 +40,8 @@ To protect sensitive data from potential leaks or unauthorized access, it is cru
  ### Untrusted environments or networks
  
  If you can't run your models in a secure and isolated environment or if it must be exposed to an untrusted network, make sure to take the following security precautions:
-* Confirm the hash of any downloaded artifact (e.g. pre-trained model weights) matches a known-good value
+* Do not use the RPC backend, [rpc-server](https://github.com/ggml-org/llama.cpp/tree/master/examples/rpc) and [llama-server](https://github.com/ggml-org/llama.cpp/tree/master/examples/server) functionality (see https://github.com/ggml-org/llama.cpp/pull/13061).
+* Confirm the hash of any downloaded artifact (e.g. pre-trained model weights) matches a known-good value.
  * Encrypt your data if sending it over the network.
  
  ### Multi-Tenant environments
author	Georgi Gerganov <redacted>
	Tue, 22 Apr 2025 13:16:10 +0000 (16:16 +0300)
committer	GitHub <redacted>
	Tue, 22 Apr 2025 13:16:10 +0000 (16:16 +0300)