Supply-chain attack and other risks for mailinabox

I self-published my first book recently. I enjoyed the process, so I’ve started another. I’m writing about mailinabox and other tools that people can use to stop the centralization of the internet and restore a sense of privacy to communications online. In my topics, I’m covering sections on risk. One risk that has been in the news recently is supply chain attacks.

I would love to discuss the implications of supply chain attacks and mailinabox. For instance, auto-updating is turned on, and several upstream packages or projects are used, such as NextCloud.

What is the risk users face?
What can people do to mitigate these risks?

I would love to get any insights or feedback that could be helpful to future mailinabox users. I also want to discuss other risks I still need to consider.

Please define exactly what you are referring to here.

NextCloud is not included in package updates. New NextCloud versions are only added as new versions of MiaB are released.