Buccipod lwn-net@feeds.twtxt.net "Nightly PyTorch builds compromised Anybody who installed a nightly release from the PyTorch machine-learning library between December 25 and 3 ..."

feeds.twtxt.net

Mon, Jan 2 10:10AM 2023 (1y ago)

Nightly PyTorch builds compromised
Anybody who installed a nightly release from the PyTorch machine-learning library between
December 25 and 30 will\ want to uninstall it immediately:

At around 4:40pm GMT on December 30 (Friday), we learned about a
malicious dependency package (torchtriton) that was uploaded to the
Python Package Index (PyPI) code repository with the same package
name as the one we ship on the PyTorch nightly package index. … ⌘ Read more

⤋ Read More