| # Security Policy |
|
|
| ## Scope |
|
|
| BatteryMHM is a research library for harmonic-feature modeling. It does not |
| handle credentials, network services, or user data, so its attack surface is |
| small. Still, we take correctness and supply-chain integrity seriously. |
|
|
| ## Supported versions |
|
|
| The latest released version (`1.0.0`) is supported. |
|
|
| ## Reporting a vulnerability |
|
|
| If you discover a security issue (for example, a dependency vulnerability, a |
| deserialization risk in user-supplied data, or a way the library could be made |
| to execute untrusted code), please **do not open a public issue**. Instead, |
| report it privately via the Hugging Face model discussion page (mark it as a |
| security concern) or the repository's private advisory channel. |
|
|
| Please include: |
|
|
| - A description of the issue and its impact |
| - Steps to reproduce |
| - Affected version(s) and environment |
|
|
| We aim to acknowledge reports within a few business days and to address |
| confirmed issues promptly. |
|
|
| ## Note on model weights |
|
|
| This repository distributes **no** trained model weights or pickled objects. |
| If you train your own models, never `pickle.load` weights from an untrusted |
| source — pickle can execute arbitrary code on load. |
|
|