While I do not build LFS regularly or for production use, the security improvement typically comes from the fact that the end system is _super_small_ and focused. Less software means less attack surface.
Sure, compromised binaries are nasty but personally I do place quite a lot of trust with the distribution repos.
(PS, if you are reading this and contribute packages to distribution repos: Thank you!)
Sure, compromised binaries are nasty but personally I do place quite a lot of trust with the distribution repos.
(PS, if you are reading this and contribute packages to distribution repos: Thank you!)