This is an automated email from the ASF dual-hosted git repository.
tlopex pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tvm.git
The following commit(s) were added to refs/heads/main by this push:
new 057aa10b58 [DOCS] Clarify trusted usage (#18718)
057aa10b58 is described below
commit 057aa10b58a7c65818784ffdfe80517d5d01bd96
Author: Tianqi Chen <[email protected]>
AuthorDate: Fri Feb 6 12:10:51 2026 -0500
[DOCS] Clarify trusted usage (#18718)
This docs clarifies trusted url requirements
---
docs/reference/security.rst | 2 ++
1 file changed, 2 insertions(+)
diff --git a/docs/reference/security.rst b/docs/reference/security.rst
index 6093063bd9..cb18a1df07 100644
--- a/docs/reference/security.rst
+++ b/docs/reference/security.rst
@@ -43,6 +43,8 @@ The runtime depends on a limited set of system calls(e.g.
malloc) in the system
TVM RPC server assumes that the user is trusted and needs to be used in a
trusted network environment
and encrypted channels. It allows writings of arbitrary files into the server
and provide
full remote code execution capabilities to anyone who can access this API.
+All of the TVM APIs are designed to be used by trusted users, for APIs that
involves URL,
+we expect users to put in only trusted URLs.
AutoTVM data exchange between the tracker, server and client are in plain-text.
