It seems that most Linux distros include software for a far wider range of uses than any one implementation is ever likely to need. Every piece of software is a potential source of malevolent code and so there is a possibility that a particular computer may become compromised from malevolent code which was in a package that was never going to be used. Would it not be much more secure for a very minimal set of packages to be included and other packages only installed if they are required (that could be automated so no need for an administrator)? I can see this would still be open to exploitation but I also think it might make it more difficult for systems to be compromised.
I was wondering if this idea has been discussed and what conclusions were reached.