Adding `safetensors` variant of this model
This is an automated PR created with https://huggingface.co/spaces/safetensors/convert
This new file is equivalent to pytorch_model.bin but safe in the sense that no arbitrary code can be put into it.
These files also happen to load much faster than their pytorch counterpart:
https://colab.research.google.com/github/huggingface/notebooks/blob/main/safetensors_doc/en/speed.ipynb
The widgets on your model page will run using this model even if this is not merged, making sure the file actually works.
If you find any issues, please report them here: https://huggingface.co/spaces/safetensors/convert/discussions
Feel free to ignore this PR.
@davda54 Out of curiosity, why do you not want to add a safetensors variant? More info here: https://huggingface.co/docs/safetensors/index It's highly recommended!
@BramVanroy A year ago, when I accepted such a PR for our NorBERT model, its loading stopped working. It's quite likely that HF fixed the issue, but I still don't trust these automatic conversions. I can see the benefits for large models, but do you think it's worth having a safetensors checkpoint for such a small model?
I do. The benefit of safetensors is not just speed (although that's a nice benefit). The emphasis is on the "safe" aspect. The regular pytorch model bin is not safe as it uses pickle, which can contain malicious code. Personally, I stay away more and more from models that are not published as safetensors. While I have no doubt that HPLT only has good intentions, there have been hacks before which can then spread malicious code. So it's a safety thing, which in turn fosters trust with the users.
That being said, I can see how it can be "traumatizing" to have it go bad once. Maybe you can read this blog post and then make up your mind.
https://huggingface.co/blog/safetensors-security-audit
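An added example to illustrate the two points made in this thread; it is not code from the PR, the model repository, or the safetensors project. It uses only the Python standard library: `scan_pickle()` disassembles a pickle stream with `pickletools` (without executing it) and lists the opcodes that make the unpickler import or call something, which is the mechanism by which a pickle-based `pytorch_model.bin` can carry arbitrary code; `read_safetensors()` parses the safetensors container (8-byte little-endian header length, JSON header, raw tensor bytes) with bounds and size checks, showing that the format contains only data to interpret and no instruction stream. The sample files, tensor names, and helper names are constructed here and hypothetical.

```python
"""Added example (not part of the Hugging Face PR thread it accompanies).

1. scan_pickle()     -- lists pickle opcodes that can invoke Python callables.
2. read_safetensors() -- parses the safetensors layout with bounds checks.
All sample inputs below are constructed in this file.
"""
import json
import math
import pickle
import pickletools
import struct
from collections import OrderedDict

# Opcodes that make the unpickler import a name or call an object. Any of these
# in a "weights" file means loading it runs code chosen by the file's author.
CODE_OPCODES = {"GLOBAL", "STACK_GLOBAL", "INST", "OBJ", "NEWOBJ",
                "NEWOBJ_EX", "REDUCE", "BUILD"}


def scan_pickle(data: bytes) -> list:
    """Return the code-invoking opcodes in a pickle stream, in order.

    pickletools.genops only disassembles; it never executes the pickle,
    so this is safe to run on an untrusted file.
    """
    return [op.name for op, _arg, _pos in pickletools.genops(data)
            if op.name in CODE_OPCODES]


def build_safetensors(tensors: dict) -> bytes:
    """Serialize {name: (dtype, shape, raw_bytes)} into the safetensors layout."""
    header, body, offset = {}, bytearray(), 0
    for name, (dtype, shape, raw) in tensors.items():
        header[name] = {"dtype": dtype, "shape": shape,
                        "data_offsets": [offset, offset + len(raw)]}
        body += raw
        offset += len(raw)
    header_json = json.dumps(header).encode()
    return struct.pack("<Q", len(header_json)) + header_json + bytes(body)


def read_safetensors(data: bytes) -> dict:
    """Parse a safetensors blob, validating every offset before touching data.

    Returns {name: {"dtype", "shape", "values"}}; only F32 is decoded here.
    """
    if len(data) < 8:
        raise ValueError("truncated: missing header length")
    (n,) = struct.unpack("<Q", data[:8])
    if 8 + n > len(data):
        raise ValueError("header length exceeds file size")
    header = json.loads(data[8:8 + n])   # plain JSON: no opcodes, no callables
    body = data[8 + n:]
    out = {}
    for name, meta in header.items():
        if name == "__metadata__":       # free-form string map, skipped here
            continue
        start, end = meta["data_offsets"]
        if not (0 <= start <= end <= len(body)):
            raise ValueError(f"tensor {name!r}: data_offsets out of bounds")
        if meta["dtype"] != "F32":
            raise ValueError(f"tensor {name!r}: dtype {meta['dtype']} not handled")
        count = end - start
        if count != 4 * math.prod(meta["shape"]):
            raise ValueError(f"tensor {name!r}: byte length does not match shape")
        values = list(struct.unpack(f"<{count // 4}f", body[start:end]))
        out[name] = {"dtype": "F32", "shape": meta["shape"], "values": values}
    return out


# Constructed samples. PLAIN_PICKLE holds only builtin containers and floats.
# CLASS_PICKLE holds an OrderedDict, which pickles as "import
# collections.OrderedDict, then call it": a benign instance of the same
# import-and-call mechanism a malicious file points at a different target.
PLAIN_PICKLE = pickle.dumps({"layer.weight": [0.1, 0.2, 0.3]}, protocol=4)
CLASS_PICKLE = pickle.dumps(OrderedDict([("layer.weight", [0.1, 0.2, 0.3])]), protocol=4)
SAMPLE_ST = build_safetensors(
    {"layer.weight": ("F32", [2, 2], struct.pack("<4f", 1.0, 2.0, 3.0, 4.0))})
TRUNCATED_ST = SAMPLE_ST[:12]   # header length claims more bytes than exist

if __name__ == "__main__":
    print("plain pickle:", scan_pickle(PLAIN_PICKLE))
    print("class pickle:", scan_pickle(CLASS_PICKLE))
    print("safetensors :", read_safetensors(SAMPLE_ST))
    try:
        read_safetensors(TRUNCATED_ST)
    except ValueError as exc:
        print("truncated   :", exc)
```

The scanner is a triage aid, not a verdict: a legitimate PyTorch checkpoint also contains `GLOBAL`/`REDUCE` opcodes (for `torch` tensor and storage classes), so the useful question is which module paths they reference, and a checkpoint whose only imports are outside `torch` and `collections` deserves a closer look. The safetensors reader shows the contrast the thread is about: every byte is either a length, JSON, or tensor data, and a malformed header is rejected before any data is read.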