Does installing KDE increase the attack surface?

Especially with X11, because the Wayland version of KDE on Qubes OS has too many bugs.
Does using KDE X11 increase attack surface?

On the one hand, bugs in dom0 are not dangerous, because you don’t run untrusted software there, which would exploit them.

On the other hand, there is a long discussion here about importance of minimizing dom0 and its implications for the security.

I would say that the attack surface increases very little, which should only concern you if you defend against serious attackers with huge resources.

Last time I checked, KDE was the DE with the highest number of Lines of Code. It has around 19 million lines of code while Gnome around 18 Millions. Cinnamon under a million and LXQt around half a million. Something like dwm around 2.5 thousand. XFCE has also far less than KDE. I would say something much more complex is not good for security.

Depends on your threat model.

Wayland isn’t supported, yet.

Just be very cautious to install anything else, like themes, widgets etc.
And follow the official installation process, of course: KDE (desktop environment) | Qubes OS

I personally use KDE.