>>> Of course, it's all about the size of what is copied. At some point, it would be better to go witha third party dependency instead of copying its code.
Valid observation - we will need to "weigh" the amount of copied code and see how "heavy" it is. >>> On important aspect of adding external dpendencies is that it' binds ou >>> users, unless they use OSGi. I am not clear as to what this concern actually raises. SSHD has at least one mandatory dependency (*slf4j*) and at least 2 others that are very likely to be used - *Bouncycastle* (the code can work quite smoothly even without it, but many consider it very useful) and *EdDsa* (optional as far as SSHD is concerned, but effectively *must *have for users who require EDDSA keys support). So what does it matter if instead of 1, 2 or 3 dependencies we have 5, 6, 7, or even 10 ? How does this require OSGi ? Isn't Maven/Gradle dependency mechanism good enough ?