pull down to refresh

If you don't install anything besides Bitcoin Core, then you certainly don't need umbrel. But even umbrel doesn't think umbrel is secure, see: https://github.com/getumbrel/umbrel/blob/master/SECURITY.md
Docker is one example of a 3rd party vulnerabilities, but imo the biggest security hole is node.js packages. I assume Umbrel learned their lesson and no longer set a default password. This pw used to be "moneyprintergobrrr" and plenty of people lost sats because of it, and more than once
That's fair. Also security is not a boolean. Umbrella is disclosing know weaknesses. Seems responsible to me especially when dealing with money.
I would not call these node packages holes but rather attack surface.
reply