<h1 class="relative group"><a id="model-safety" class="header-link" href="#model-safety"></a> <span>Model safety.</span></h1>
<p><a href="https://pytorch.org/docs/master/generated/torch.load.html" rel="nofollow">PyTorch uses pickle</a> by default, meaning that for quite a long while <em>every</em> model using that format was potentially executing unintended code purely by being loaded.</p>
<p>There is a big red warning on Python’s page for pickle (<a href="https://docs.python.org/3/library/pickle.html" rel="nofollow">link</a>), but for quite a while this was ignored by the community. Now that AI/ML is being used far more ubiquitously, we need to switch away from this format.</p>
<p>HuggingFace is leading the effort here by creating a new format which contains pure data (<a href="https://github.com/huggingface/safetensors" rel="nofollow">safetensors</a>) and moving slowly but surely all the libraries to use it by default. The move is intentionally slow in order to keep the impact of breaking changes on users as small as possible.</p>
<h1 class="relative group"><a id="tgi-20" class="header-link" href="#tgi-20"></a> <span>TGI 2.0</span></h1>
<p>With the release of TGI 2.0, we take the opportunity of this major version increase to break backward compatibility for these PyTorch pickle models, since they are a huge security risk for anyone deploying them.</p>
<p>From now on, TGI will not automatically convert pickle files without the <code>--trust-remote-code</code> flag or <code>TRUST_REMOTE_CODE=true</code> in the environment variables. This flag is already used for community-defined inference code, and is therefore quite representative of the level of confidence you are giving the model providers.</p>
<p>If you want to use a model that uses pickle, but you still do not want to trust the authors entirely, we recommend performing a conversion on our Space made for that purpose:</p>
<p><a href="https://huggingface.co/spaces/safetensors/convert" rel="nofollow">https://huggingface.co/spaces/safetensors/convert</a></p>
<p>This Space will create a PR on the original model, which you can use directly regardless of its merge status with the original authors. Just use</p>
<div class="code-block relative"><pre class="">docker run .... \
--revision refs/pr/#ID # Or use REVISION=refs/pr/#ID in the environment</pre></div>
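<p>The two weight formats discussed above, as an added example that is not part of the TGI documentation or the safetensors project: a scanner that lists the code-loading opcodes in a pickle stream without ever unpickling it, beside a parser that validates a safetensors header, whose JSON-plus-raw-bytes layout has nothing to execute. All sample inputs are constructed inline and the function names are this example's own.</p>

```python
import collections
import json
import pickle
import pickletools
import struct

# Opcodes that make the unpickler import a name or call a callable.  A pickle
# holding only data (dicts, lists, strings, numbers) never needs any of them.
CODE_OPCODES = {"GLOBAL", "STACK_GLOBAL", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX",
                "REDUCE", "BUILD"}


def pickle_code_opcodes(data: bytes) -> list:
    """List the code-loading opcodes in a pickle stream without unpickling it.
    pickletools.genops only disassembles, so nothing in the stream is executed."""
    return [op.name for op, _arg, _pos in pickletools.genops(data)
            if op.name in CODE_OPCODES]


def check_safetensors(data: bytes) -> tuple:
    """Parse a safetensors blob (u64 LE header size, JSON header, raw bytes).
    Returns (header, problems); the format has nothing to execute, so a loader
    only has to confirm that every tensor's data_offsets stay inside the file."""
    if len(data) < 8:
        return {}, ["shorter than the 8-byte header size field"]
    (n,) = struct.unpack("<Q", data[:8])
    if 8 + n > len(data):
        return {}, ["header size exceeds file size"]
    header = json.loads(data[8:8 + n])
    payload_len = len(data) - 8 - n
    problems = []
    for name, meta in header.items():
        if name == "__metadata__":
            continue
        start, end = meta["data_offsets"]
        if not 0 <= start <= end <= payload_len:
            problems.append(f"{name}: data_offsets {[start, end]} exceed payload "
                            f"of {payload_len} bytes")
    return header, problems


# Constructed samples: a data-only pickle, a pickle that has to import and call
# a class to rebuild its object (as every pickled class instance does), and a
# hand-built safetensors blob holding a single F32 tensor of two elements.
PURE_DATA_PICKLE = pickle.dumps({"w": [1.0, 2.0]})
CALLS_CODE_PICKLE = pickle.dumps(collections.OrderedDict())
_HEADER = json.dumps({"w": {"dtype": "F32", "shape": [2],
                            "data_offsets": [0, 8]}}).encode()
SAMPLE_SAFETENSORS = struct.pack("<Q", len(_HEADER)) + _HEADER + struct.pack("<2f", 1.0, 2.0)
TRUNCATED_SAFETENSORS = SAMPLE_SAFETENSORS[:-4]  # body cut short: offsets now overrun
```

<p>Running <code>pickle_code_opcodes</code> over a weight file before loading is the check that <code>--trust-remote-code</code> asks you to waive: any <code>GLOBAL</code>/<code>STACK_GLOBAL</code> followed by <code>REDUCE</code> means the unpickler will import and call something the file names.</p>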