Except the vast majority of the kernel is in driver modules.
So for an individual machine, the attack surface is not really any bigger than it needs to be.
The OS will only load modules it needs for your hardware, so the “bloat” only exists at the source code and binary size level. You are free to compile an optimized binary for your hardware. The complete kernel binary should fit in a 200MB boot partition.
As for maintenance, that’s a fair point, but the effort is at least somewhat distributed if hardware devs provide the drivers.
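One way to check the claim above on a real box, as an added example that is not part of the original comment: parse `/proc/modules` and list the loaded modules that nothing is using, which are the ones actually contributing attack surface without doing work. The sample input is constructed for illustration; on a Linux host the script reads the real file.

```python
import os
from dataclasses import dataclass, field

# Constructed sample in /proc/modules format:
#   name size refcount users state address
SAMPLE_PROC_MODULES = """\
ext4 778240 2 - Live 0x0000000000000000
mbcache 16384 1 ext4, Live 0x0000000000000000
jbd2 131072 1 ext4, Live 0x0000000000000000
floppy 81920 0 - Live 0x0000000000000000
usb_storage 77824 0 - Live 0x0000000000000000
bluetooth 720896 0 - Live 0x0000000000000000
"""

@dataclass
class Module:
    name: str
    size: int          # bytes of kernel memory the module occupies
    refcount: int      # how many things hold a reference to it
    users: list = field(default_factory=list)  # modules that depend on it

def parse_proc_modules(text):
    """Parse /proc/modules text into Module records (malformed lines are skipped)."""
    mods = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        users = [] if parts[3] == "-" else [u for u in parts[3].split(",") if u]
        mods.append(Module(parts[0], int(parts[1]), int(parts[2]), users))
    return mods

def unused_modules(mods):
    """Loaded modules with no references and no dependents: review/blacklist candidates."""
    return sorted(m.name for m in mods if m.refcount == 0 and not m.users)

def loaded_bytes(mods):
    """Total memory held by loaded modules, i.e. what is really resident, not the on-disk tree."""
    return sum(m.size for m in mods)

if __name__ == "__main__":
    text = open("/proc/modules").read() if os.path.exists("/proc/modules") else SAMPLE_PROC_MODULES
    mods = parse_proc_modules(text)
    print(f"{len(mods)} modules loaded, {loaded_bytes(mods)} bytes resident")
    print("unused:", ", ".join(unused_modules(mods)) or "none")
```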