Hi Samuel,

This is a popular pure Python package. It seems to have a history of 
non-breaking releases, so I would not mind adding it if it makes our lives 
much easier (and keeps us from reinventing the wheel when implementing 
algorithms). As a maintainer of SageMath in conda-forge, I don't mind new 
dependencies if they are very easy to package, popular, and actively 
maintained. While I am very much in favor of making SageMath more modular 
and I believe that some of our dependencies are a problem, I don't think 
that such pure Python dependencies are causing any issues here.

I am not too worried about the security implications here. more-itertools 
is, according to GitHub, used by 118k projects. So, if it gets compromised 
we'll know before we release a new version of SageMath and actually before 
we even consider upgrading our SPKG.

more-itertools is already packaged in the distributions I checked 
(Debian/Ubuntu, ArchLinux, conda-forge) btw.

julian
