Adrian, I am afraid that there is a misunderstanding. The code part which is compiled with -march=native is never executed by default.
There is a command line option which allows users to select the code which is used for certain time critical calculations (dot product). A wrong choice is not a security problem but simply will crash the application, no matter whether the user selected "native", "avx" or "neon". That's quite common for other packages including the standard C library and scientific libraries, too. They all contain optimized functions which require certain hardware and which crash otherwise. Regards Stefan
