WHAT’S HAPPENING?
Researchers who install their own copies of PyTorch may have downloaded a compromised package and should uninstall it immediately.
WHEN IS IT HAPPENING?
Pytorch-nightly for December 25-30, 2022, is impacted. Please uninstall it immediately if you have installed this version.
WHY IS IT HAPPENING?
A malicious Triton dependency was added to the Python Package Index. See https://pytorch.org/blog/compromised-nightly-dependency/ for details.
WHO IS AFFECTED?
Researchers who install PyTorch on PACE or other services and updated with nightly packages December 25-30. PACE has scanned all .conda and .local directories on our systems and has not identified any copies of the Triton package.
Affected services: All PACE clusters
WHAT DO YOU NEED TO DO?
Please uninstall the compromised package immediately. Details are available at https://pytorch.org/blog/compromised-nightly-dependency/. In addition, please alert PACE at pace-support@oit.gatech.edu to let us know that you have identified an installation on our systems.
WHO SHOULD YOU CONTACT FOR QUESTIONS?
Please contact PACE at pace-support@oit.gatech.edu with questions, or if you are unsure if you have installed the compromised package on PACE.