After upgrading to 4.2.0, I notice that individual firmware packages are no longer dependent on each other (although linux-firmware is not granular at all), so uninstalling some of them works.
However, the qubes-dist-upgrade installed 45 new packages as “weak dependencies” (not required by any other package), among which:
- cpp (is anyone compiling code in dom0? no package requires that)
- hunspell-en (is anyone supposed to spell check in dom0?)
- exiv2 (is anyone supposed to manage image metadata in dom0?)
- nano-default-editor (considering we already have vim?)
- ntfs-3g-system-compression (who uses ntfs in dom0 at all?)
- pinenentry (not required by any package at all, according to
repoquery -q --installed --whatrequires pinentry) - tracker-miners
etc.
Additionally, curl got installed because rpm-0:4.18.2-1.fc37.x86_64 requires it.
IMO, this is moving from bad to worse and goes against all the talk about minimalism as a security measure.