Seems pretty common though, for defining custom architecture configs and whatnot?
AFAIK the "remote code" is still openly hosted on huggingface so you can audit it if you like. Seems no more dangerous than things like `pip install some_random_library`?
This has become less common in recent days, at least for image generation (e.g. safetensors in Stable Diffusion).
The point of open-source models is that they can be finetuned. When many people create finetuned versions, a zoo of models appears. So far so good (maybe), but the bad practice of using untrusted code from the zoo sooner or later will lead to a wave of cryptominers, ransomware, and credential theft incidents.
I like this pip metaphor. If we had required `--trust-remote-code` for every `npm install` we could have avoided left-pad and most of the software supply chain drama in the past years.