> Keeping the dependency information in a database, which is queried during the resolution process, allows us to choose dependencies using criteria specified by the developer instead of merely importing the latest possible versions, as pip's backtracking algorithm does. You can specify quality criteria depending on the application's traits and environment. For instance, applications deployed to production environments must be secure, so it is important that dependencies do not introduce vulnerabilities. When a data scientist trains a machine learning model in an isolated environment, however, it is acceptable to use dependency versions that are vulnerable but offer a performance gain, thus saving time and resources.
This seems like a really bad idea to me. I could understand and perhaps get behind the idea that you might use something like this to find the optimal version of a package to use in a given project, but unexpected differences between your development environment and production are a common source of outages.
That being said, all of the examples and config seems very centered around ML use cases, with the Thamos config accepting settings for OS, cpu, and cuda versions. Is variance in performance between otherwise-compatible versions of ML packages really that big a problem?
ML Engineer: Why does inference for this model take 0.9s per-call?!
Data scientist: I have no idea, inferences take 0.1s on average in my environment?
I jest but I've also lived this experience with data scientists developing an algorithm on Windows with one set of wheels, and the same code being deployed to Linux with a different set of binaries and the whole thing running 10x slower. We fixed it, but it was an unnecessary headache.
When PyTorch fails to load the CUDA runtime for any reason, it falls back to CPU, often silently, and becomes more than 20 times slower on CNN inference. Not sure if this system could avoid it. Debugging that remotely on a user’s system was fun.
Yeah this sounds like a terrible idea. The current goal is to build reproducible and hermetic builds. By adding more complexity it’ll be much more difficult to get the same artifact, build after build as well as give another method for attackers to achieve supply chain injections.
The actual Egyptian pronunciation, as best as we can reconstruct it, uses sounds that didn't exist in either ancient Greek or even Coptic, and don't quite exist in modern English either. I think you'd be entirely justified using another sound if your language doesn't have English "th".