Hi there, Okay, having read the whole thread, there seem to be two forces pulling on zope.password: * it'd be nice if zope.password had the vocabulary so that you didn't have to include zope.app.authentication anymore just to get it. * it'd be nice if zope.password didn't need any extra dependencies, including zope.component and zope.schema. I think the latter is the least important right now, especially since zope.component and zope.schema are already very foundational libraries. So just add the vocabulary to zope.password if that is the only new dependencies it will pull in as a result. In my opinion going for an extra here just to avoid this is speculating a bit too much right now. Do we really have users that want to use zope.password and really don't want zope.component and zope.schema? If so, we'll hear from them when they speak up and *then* declare an extra or take some other action. Regards, Martijn