Benjamin Bossan
> I don't think that's very useful, since whoever can tamper with the artifact can tamper with the checksum as well. That's true, but say, I download the model from a...
> If you get a MITM for the file, you can also get a MITM for the checksum. I think there can be situations where the model file was tampered...
A possible exploit could be if there is a website that mirrors the content. Of course, those could have been tampered with, but if the fingerprint matches with the one...
> I don't see why people would need to go through mirrors when interacting with the hub, but I may be mistaken :) If skops persistence finds adoption, it could...
That sounds good, we can start with `__getstate__` & `__setstate__` and hopefully that's good enough. If it isn't, we can later think about providing more. If we can eventually stop...
> and during load, we'd fail if we don't know the library, and user can say they trust the source kinda thing. That's what I meant. How would the API...
> Packages can run arbitrary code through `.pth` files. We don't need `setup.py` to run arbitrary code :D Oh man, it never stops, does it? Okay, so we can basically...
> But we need to make sure we invalidate that whenever the `_model` changes. This could be done with a setter but maybe we can come up with an easier...
@p-mishra1 Just to make sure, what is the state of this PR? Are you waiting for input from our side?
> > 1. We need to have a test for this. If you need help implementing the test, let us know.
>
> > Yes sure, there will be the same test...