Wow. Less than half of those have any version specified. The rest? "Meh, I don't care, whatever."
Then this beauty:
git+https://github.com/huggingface/peft
I love reaching out to the Internet in the middle of a build pipeline to pull the latest commit of a random repo, because that's so nice and safe, scalable, and cacheable in an artefact repository!
The NPM ecosystem gets regularly excoriated for the exact same mistakes, which by now are so well known, so often warned against, so often exploited, so regularly broken that it's getting boring.
It's like SQL injection. If you're still doing it in 2023, if your site is still getting hacked because of it, then you absolutely deserve to be labelled immature and even childish.
> you absolutely deserve to be labelled immature and even childish
Do you appreciate that people aren't making technical mistakes on purpose just to spite you? Or that maybe some of the folks writing these libraries are experts in fields other than dependency management? Are you an expert in all things? Would you find it helpful if someone identifies one thing that you aren't great at and then calls you names on the internet over that one thing?
There is a pretty significant difference between making a technical critique and just being rude. And being right about the former doesn't make the latter ok.
You're right, Python's ecosystem and dependency management is a shitshow and everybody involved should be ashamed of themselves. But of course there are many "you're holding it wrong" commenters here who are in denial of this fact. It's an absolute pity that Python has become the de-facto language for public ML projects.
> everybody involved should be ashamed of themselves
Have you ever read about how open source project leaders often experience a lot of toxicity and anxiety about trying to keep up with the users they are supporting for free? If not, I suggest you do since this is the exact type of comment that is hurtful and unhelpful.
You both seem right. While the base criticism is correct, the emotion attached to it is only an impediment. Python+ML seems apparently in a "move fast and break things" phase. We should expect rough edges and be calm if we're to address that well.
Literally every example I've seen so far is completely unversioned and mere weeks after being written simply doesn't work as a direct consequence.
E.g: https://github.com/oobabooga/text-generation-webui/blob/ee68...
Take this line:
Which version of torch is this? The latest. Which version of CUDA is this? An incompatible one, apparently. Game over.Check out "requirements.txt":
Wow. Less than half of those have any version specified. The rest? "Meh, I don't care, whatever."Then this beauty:
I love reaching out to the Internet in the middle of a build pipeline to pull the latest commit of a random repo, because that's so nice and safe, scalable, and cacheable in an artefact repository!The NPM ecosystem gets regularly excoriated for the exact same mistakes, which by now are so well known, so often warned against, so often exploited, so regularly broken that it's getting boring.
It's like SQL injection. If you're still doing it in 2023, if your site is still getting hacked because of it, then you absolutely deserve to be labelled immature and even childish.