I've never quite understood what d-bus is for and what it does. What kind of things wouldn't work without it?
Me neither - given that the internals stay obscure.
It's not exactly hard to look it up IMO, this could be a good read:
https://en.wikipedia.org/wiki/D-Bus
This does mostly talk about theoretical concepts - it does not explain how the thing would actually achieve that (and therefore compromise the system).
So, what we know is: we are forced to compile that d-bus into application. And, since some couple of months, we are also forced to install it.
We also know: it does not run any processes.
The question then is: how does it achieve what it is explained to achieve? Which kind of IPC does it use, and how does that work? And can it be monitored? (Because, if two entities want to talk to each other on my system, I would like to know about that. Thats why I am running a defined system and not a linux madhouse.)
Each time you launch a gtk3 based GUI programm, dbus processes will spawn.
That's interesting. I've never seen any of these. How would it spawn processes the superuser cannot see?
Now, assuming that this is just
not possible, and therefore the thing is not running any processes here, and still everything works, with some logical thinking I might conclude: it is not really necessary.
Furthermore, if some entities would want to start talking to each other, this is not only a security concern, it also most often means they are trying to develop some kind of AI, that is, try to know better what I want than I know what I want - resulting in the usual bad effects, that is, the system behaving in some way that was not explicitely configured and where we do not know why it does so.