Are there plans to move to wayland?

I don’t think it is.

There’s lot of security benefits from minimal software, of course, and I don’t think anyone’s going to contradict that. However QubesOS isn’t built on security by minimizing software, but by compartmentalizing.

The first link you provided is about an issue that has been closed by the dev team as they deemed it “Not planned” as long as dom0 is the default GUI domain.

This does NOT mean that QubesOS’ dom0 will never be minimized, but that to be able to minimize it, we need to move some of its responsibilities to other dedicated domains.

IMHO, minimizing software is not always an option : UX is hard as users have varying needs that should be met at best.

On another note, if you have some work that would bring your vision of minimizing in QubesOS closer to reality, I am very interested.

I don’t think it is.

The second link shows that there is no explicit user trust or any extensive research in reasons to trust the ~1000 (or whatever number) of Fedora packages. There is just someone who “liked” Fedora at certain point in time with no explanation how exactly that happened. So, it is not as simple as everyone trusting Fedora and whatever comes with it in dom0. There is rather an inevitable forced trust due to lack of options and that is more complicated than “I trust ~1000 packages from Fedora”. Even if it was the latter, it is still not a valid reason to trust another N packages, thus making dom0 even more bloated. Hence my question regarding KDE.

On another note, if you have some work that would bring your vision of minimizing in QubesOS closer to reality, I am very interested.

This thread (not my work) was an interesting start:

I thought that the reason why Fedora was chosen was because it was what the developers were most familiar with.

The frozen state of dom0 (no direct update) and the QubesOS build infrastructure make a supply chain attack impossible (as long as you trust the developers to know what they’re doing and not being malicious).
And for the ~1000 packages that come with, each package is fairly minimal, reviewed by independent people, and more and more of these packages are being built with protection against supply chain attack in mind.

That, in addition to the fact that QubesOS is secure by compartmentalization (and dom0 being isolated from network devices), and its peculiar architecture means that malware/supply chain attack not made directly for it won’t impact the system integrity. Or as @solene put it :

As the project is Open-source, we can expect reasonable security against custom-made malware and supply chain attack.

This is absolutely false, as it is with any Open-source project. If you think that QubesOS doesn’t meet your threat model requirement, you can fork/audit the code and make it your own.

It seems obvious that if you can’t trust Fedora, you shouldn’t use it. But QubesOS’ use-case is specific and allow to only have to trust to Fedora up to a certain point, being that while it’s not perfect, I can trust that as long at it doesn’t have network access and as it is reviewed and tested by the QubesOS team (and the users too). Still “reasonably” secure IMHO.

And as for the bloat, this is a matter of opinion. I use KDE Plasma, so I don’t view the supplementary package as bloat.

I do think this is kind of off-topic, if you feel the need to continue this topic we should fork or exchange privately on the matter (and I would be glad too) !

I’ve heard of Nanos before and I’m glad there’s some lead to combine them with QubesOS.

Regarding dom0 minimizing or services/appvm minimizing, if you have some code you’re working on I’ll be honored to contribute. I am looking forward for this in QubesOS.

Re. trust in Fedora I already shared a link to a thread. Here is also a thread about dom0 minimization:

If you decide you can use any of them or ask a mod to split the current discussion and I will reply further.

I believe this is what @unman is referencing

Thanks.