From: Georgi Gerganov <redacted>
Date: Tue, 22 Apr 2025 13:16:10 +0000 (+0300)
Subject: security : add note about RPC and server functionality (#13061)
X-Git-Tag: upstream/0.0.5185~17
X-Git-Url: https://git.djapps.eu/?a=commitdiff_plain;h=ab47dec3d37aa1927c2ec590e166b76141374ed3;p=pkg%2Fggml%2Fsources%2Fllama.cpp

security : add note about RPC and server functionality (#13061)

* security : add note about RPC functionality

* security : add note about llama-server
---

diff --git a/SECURITY.md b/SECURITY.md
index 6a1bb6c3..9370fb1a 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -40,7 +40,8 @@ To protect sensitive data from potential leaks or unauthorized access, it is cru
 ### Untrusted environments or networks
 
 If you can't run your models in a secure and isolated environment or if it must be exposed to an untrusted network, make sure to take the following security precautions:
-* Confirm the hash of any downloaded artifact (e.g. pre-trained model weights) matches a known-good value
+* Do not use the RPC backend, [rpc-server](https://github.com/ggml-org/llama.cpp/tree/master/examples/rpc) and [llama-server](https://github.com/ggml-org/llama.cpp/tree/master/examples/server) functionality (see https://github.com/ggml-org/llama.cpp/pull/13061).
+* Confirm the hash of any downloaded artifact (e.g. pre-trained model weights) matches a known-good value.
 * Encrypt your data if sending it over the network.
 
 ### Multi-Tenant environments