Neal Gompa wrote:
On Wed, Feb 27, 2019 at 5:56 PM Stephen John Smoogen smooge@gmail.com wrote:
On Wed, 27 Feb 2019 at 14:36, Mikolaj Izdebski mizdebsk@redhat.com wrote:
On Wed, Feb 27, 2019 at 1:20 PM Stephen John Smoogen smooge@gmail.com wrote:
- Packaging of elasticsearch was a mess. At the time we had rules
that all packages needed to be packaged in Fedora and follow Fedora packaging rules. [This one has been relaxed.]
I just want to point out that Elasticsearch has been packaged [1] in Fedora for more than 4 years.
The version I am seeing there is 1.7.5 and the version on github is 6.6.1 .. i didn't know if that was a 'dont even think about using that'
Upstream skipped a bunch of versions. They went from 1.x to 2.x to 5.x and now 6.x with 7.x in development.
I forgot the exact reason for this, but it had something to do with aligning the versions across all of Elastic's software.
Though it's still worth noting that 1.7.5 has been EOL for 2 years (2017-01-16, per https://www.elastic.co/support/eol). There's around 15 CVE's since that release (whether 1.7.x is vulnerable to any/all of them is another matter).
It doesn't seem like the Fedora packages are being actively maintained. There's been no substanative commits in the past 3 years.