The original pass is just a single shell script. It's short, pretty easy to read and likely in part because it's so simple, it's also very stable. The only real dependencies are bash, gnupg and optionally git (history/replication). These are most likely already on your machine and whatever channel you're getting them from (ex: distribution package manager) should be much more resilient to supply chain vulnerabilities.
It can also be used with a pgp smartcard (in my case a Yubikey) so all encryption/decryption happens on the smartcard. Every attempt to decrypt a credential requires a physical button press of the yubikey, making it pretty obvious if some malware is trying to dump the contents of the password store.
Most of the popular touring bikes fit your budget. Really you're just looking for durable, a wide gear range and the capacity to mount gear. Surly disc trucker has historically been one of the most popular as an example, but there are a lot of others.
Also, it can absolutely be done with cheaper. My partner and I finished a 4800 mile trip last year. I used a second hand cyclocross bike that I got off craiglist for ~500 a few years ago. She had a road bike that she bought for 200 from the local bike project.
It looks like at least some of the individuals claiming production issues are pulling the latest version of Axios from a CDN. It doesn't seem like they actively pushed a release to production without adequate testing. Not that I disagree with your overall point, but it's at least a little bit less damning.
The parent comment is still talking about rootless podman (and really just user namespaces). Root in the container is absolutely mapped to the user executing podman outside the container.
If it mapped to root outside the container, you could just use podman to create setuid scripts owned by root for very trivial privelege escalation.
I've happily used systemd-boot in the past, but it's definitely less featureful than grub. Notably, it doesn't support the use of a (LUKS) encrypted boot partition. I'm not even sure it supports /boot on btrfs? Both are necessary if you want to have an encrypted root AND include the matching kernel / initramfs in any snapshots of root.
The original pass is just a single shell script. It's short, pretty easy to read and likely in part because it's so simple, it's also very stable. The only real dependencies are bash, gnupg and optionally git (history/replication). These are most likely already on your machine and whatever channel you're getting them from (ex: distribution package manager) should be much more resilient to supply chain vulnerabilities.
It can also be used with a pgp smartcard (in my case a Yubikey) so all encryption/decryption happens on the smartcard. Every attempt to decrypt a credential requires a physical button press of the yubikey, making it pretty obvious if some malware is trying to dump the contents of the password store.