Syndace

I encountered another false positive I believe. Re-exports from `__init__.py` with `--allow-reexport-from-package y` should not be considered unused globals. Here is an updated example that reproduces all three cases: `__init__.py`:...

Here is what I would do with GitHub Actions. I am not familiar with Jenkins but I am sure the same general idea can be applied to Jenkins as well....

> This is a secure boot tool, encrypting /boot is completely meaningless in the context of this. Huh? Simply running `sbctl bundle [...] /boot/efi/EFI/foo.efi` completely compromises encryption on vanilla, unmodified...

> Ok, which distros? They should not be doing that as it's extremely poor practice. I fail to believe it applies to "some common distros", beyond misguided decisions from Manjaro....

Also from a quick search: at least [EndeavourOS](https://forum.endeavouros.com/t/luks-passphrase-required-twice-per-boot-after-changing-passphrase/19197/4) and [openSUSE](https://en.opensuse.org/SDB:Encrypted_root_file_system#In_Leap_and_Tumbleweed) also encrypt `/boot` and copy a key file to the initramfs by default.

This discussion has been inspiring :) I have removed the keyfile from my initramfs and now boot the UKI directly without taking the extra step via some bootloader. This feels...