More specifically, Portage. I know use flags and “optimization” are all the hype, but really, would the average user even see a benefit from customizing all their use flags? Especially a benefit that compensates for the constant compilation?
I installed it once to help grow my e-peen, but immediately switched back to Arch after watching my system compile.
Those who daily drive it, do compilation and use flags annoy you, and do you see any real benefit?
How would it decrease the attack surface?
You not only need the application and required libraries, you also need the full toolchain to build it; I don’t see how this doesn’t drastically increase the attack surface.
Because you can compile parts out of many programs and suites; you can also change dependencies, such as never including audio support or MP3 libs for anything. Sure it means no sound but if you’re on a system without speakers then it’s no real loss and you’ve reduced your attack surface.
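As an added illustration of the point above (not from any commenter in this thread), this is the Portage configuration a defender would use to build audio support out globally on a speakerless box, together with the checks that confirm the flags actually took effect; the package chosen and the exact flag set are assumptions, not anything the thread specifies:

```bash
# /etc/portage/make.conf (constructed example): disable sound-related
# features for every package so the audio libraries are never pulled in.
USE="${USE} -alsa -pulseaudio -sound -mp3 -vorbis"

# /etc/portage/package.use/headless (constructed example): the same idea
# per package, here building ffmpeg without the audio code it would
# otherwise link against.
# media-video/ffmpeg -alsa -pulseaudio -mp3 -opus -vorbis

# Check before building: -pv lists each USE flag of every package in the
# resulting dependency graph, with disabled flags shown as -flag.
#   emerge -pv --changed-use @world
# Show the flag state of an already installed package
# (equery comes from app-portage/gentoolkit):
#   equery uses media-video/ffmpeg
# After the rebuild, remove libraries nothing depends on any more:
#   emerge --ask --depclean
```

The last step is what actually shrinks the installed footprint: without it, the audio libraries that were previously pulled in stay on disk even though nothing links against them.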
You still need all the tools needed to compile, which you don’t need if you only use binaries. The resulting binary might be smaller, but the overall process is much larger.
Unless you are going to do a security audit on each step of the build process, I don’t see how you are reducing the attack surface.
Go through this https://www.gentoo.org/support/security/
Most people have some compilation tools installed on a binary-based Linux. The toolchain, yes, would increase the surface too, but being able to entirely remove specific parts of the OS, or say kernel code that is entirely unused, reduces your surface. You can’t exploit code that isn’t there.