Benjamin Bossan

> We can however think of doing something like: > > * load(file, trusted_libs=...): if it fails, there are other reasons for it To me, that sounds very useful, I'd...

> And I'm not saying we shouldn't support the API to trust particular libraries Sorry, I didn't mean to imply that, I just wanted to give my opinion from a...

> But for others, we can use "Security Advisories" on github That seems to be almost overkill for now :D I just want a reminder, so that we don't forget...

This has been added in #172 so closing the PR. Still thanks for your work.

RFC @skops-dev/maintainers

> It seems to me this is calling the same audit method for all state types. Yes, but of course it's easy to implement an audit function that checks the...

> I think this approach is over-complicating what we need to do. It might be very extensible, but it reminds me of the comic where the requirement is a bike...

Closing in favor of #204

> but I also worry that those people who send such PRs are the kind who also don't read contributing guidelines That might be the case for some, but there...

I'm not an expert in cryptography, so maybe I'm not always using the correct words. > a hash of the stored object That's what I meant. I'm not exactly sure...