Disingenuous. What happens when you need to restart your server because of some extremely necessary security patch?
How do you manage backups?
Since it's running on java, you probably don't want to expose this server to the internet unless you actively want to maintain updates to JDK versions. So now you're on the hook for that.
"Since it's running on java, you probably don't want to expose this server to the internet"
Are the latest versions of tomcat/jetty/etc. really known for having major security holes? More so than apache/nginx/etc.?
Maybe you are confusing the recent Java applets security issue with Java in general. Java has got to be one of the most well funded and developed technologies out there, due to people's reliance on it in enterprise.
People also don't normally run their Java web server as root, which adds a bit more security. If there is something about Java security that makes you so worried, I would love to hear about it, as it will probably be news to me.
Some of the exploits that target applets also affect running servers. Tomcat or Jetty or WebLogic from two years ago are likely compromisable pretty easily.
Any web server has the same issue, and most people are more than fine if they update somewhat regularly. Whether node or rails or what have you, you need to keep updating.
My code on GitHub from two years ago is as secure now as it was then, because someone else has taken on the onus of playing security-update whack-a-mole for me. That's all I meant; I didn't mean to imply java was less secure by default than any other thing listening for connections on the internet.
"Some of the exploits that target applets also affect running servers."
This would make sense. It's the same reason why php makes apache or nginx insecure. They are front facing and have access to the OS filesystem and such.
"I didn't mean to imply java was less secure by default"
Okay gotcha. I work with Java quite a bit and was confused by your statement as I thought I missed some major security news.
1. If you need to restart your server because patches, then you restart it. :)
2. Backups: AFAIK you can simply just back up /home/user that runs GitBucket. "To upgrade GitBucket, only replace gitbucket.war. All GitBucket data is stored in HOME/.gitbucket. So if you want to back up GitBucket data, copy this directory to the other disk."
3. "Since it's Java ... therefore security" yeah, you need to keep it updated, same goes for ALL software. Luckily I'm using an enterprise class distro which provides timely security updates and pays particular attention to Java (RHEL/CentOS).
Nothing is ever "simple", but running stuff yourself is not as hard as many people think, you just need to get a bit involved.
Problem there might be that 'disingenuous' can be a false friend for non-native English speakers...
But I do tend to agree with his comment. Self hosting is never simple; it's one more thing you have to take care of. Yes, there might be cases where self hosting something is a requirement, but personally, for all the things that are strictly not work related and things that "just have to work" (e.g.: email, IM, code hosting for free time projects), I use third party services. Unfortunately I don't have enough time to take care of those things, and since I have to take care of similar things at work, at least for my own spare time I want something that helps me focus on what I really want to do.
java -jar gitbucket.war