On Wed, Feb 27, 2019 at 5:56 PM Stephen John Smoogen
<smooge(a)gmail.com> wrote:
>
> On Wed, 27 Feb 2019 at 14:36, Mikolaj Izdebski <mizdebsk(a)redhat.com> wrote:
>>
>> On Wed, Feb 27, 2019 at 1:20 PM Stephen John Smoogen <smooge(a)gmail.com>
wrote:
>>> 2. Packaging of elasticsearch was a mess. At the time we had rules
>>> that all packages needed to be packaged in Fedora and follow Fedora
>>> packaging rules. [This one has been relaxed.]
>>
>> I just want to point out that Elasticsearch has been packaged [1] in
>> Fedora for more than 4 years.
>>
>>
https://src.fedoraproject.org/rpms/elasticsearch
>
> The version I am seeing there is 1.7.5 and the version on github is
> 6.6.1 .. i didn't know if that was a 'dont even think about using
> that'
Upstream skipped a bunch of versions. They went from 1.x to 2.x to 5.x
and now 6.x with 7.x in development.
I forgot the exact reason for this, but it had something to do with
aligning the versions across all of Elastic's software.
Though it's still worth noting that 1.7.5 has been EOL for 2
years (2017-01-16, per
).
There's around 15 CVE's since that release (whether 1.7.x
is vulnerable to any/all of them is another matter).
It doesn't seem like the Fedora packages are being actively
maintained. There's been no substanative commits in the
past 3 years.
--
Todd