Bug 208494

Summary:

textproc/kibana42: deprecate

Product:

Ports & Packages

Reporter:

Serhii (Sergey) Kozlov <skozlov>

Component:

Individual Port(s)

Assignee:

Jason Unovitch <junovitch>

Status:

Closed FIXED

Severity:

Affects Only Me

CC:

junovitch

Priority:

---

Flags:

skozlov: maintainer-feedback+

Version:

Latest

Hardware:

Any

OS:

Any

Attachments:

Description	Flags
Patch	skozlov: maintainer-approval+
Portlint log	skozlov: maintainer-approval+

Description Serhii (Sergey) Kozlov freebsd_committer

2016-04-03 23:06:56 UTC

Created attachment 168947 [details]
Patch

Deprecate Kibana 4.2 due to not being updated upstream anymore.

Two times in a row the version wasn't included in regular bugfix updates:
1. https://www.elastic.co/blog/kibana-4-4-1-and-4-3-2-and-4-1-5
2. https://www.elastic.co/blog/kibana-4-4-2-and-4-3-3-and-4-1-6

Comment 1 Serhii (Sergey) Kozlov freebsd_committer

2016-04-03 23:08:42 UTC

Do _not_ commit before bug #208493

Comment 2 Serhii (Sergey) Kozlov freebsd_committer

2016-04-03 23:09:36 UTC

Created attachment 168948 [details]
Portlint log

Comment 3 Jason Unovitch freebsd_committer

2016-04-04 01:42:23 UTC

I'd prefer to reference something that says Elasticsearch 2.0 is EOL by the Elastic folks rather then just not getting updates anymore.  I'm looking for a reference for that now.

Comment 4 Jason Unovitch freebsd_committer

2016-04-04 02:19:03 UTC

Wikipedia lists Elasticsearch 2.0 as supported at https://en.wikipedia.org/wiki/Elasticsearch and the list of supported versions on Wikipedia matches https://www.elastic.co/support/matrix#show_os.  The preemptive moved to kibana45 as the master port for the other slaves makes sense but I'm not entirely sure that now is the time to tag this as a deprecated port.

Comment 5 Serhii (Sergey) Kozlov freebsd_committer

2016-04-04 18:34:41 UTC

(In reply to Jason Unovitch from comment #4)

You're right, I think I should have investigated that more through before posting the patch. I was thinking that it's better to be safe then sorry, because unmaintained software can potentially contain security vulnerabilities.

I've created a topic with the question on Elastic's forums:
https://discuss.elastic.co/t/is-kibana-4-2-still-supported/46281

Comment 6 Serhii (Sergey) Kozlov freebsd_committer

2016-04-06 18:43:23 UTC

(In reply to Sergey Kozlov from comment #5)

According to the reply of the Kibana's team I still vote for deprecation of the port due to a security concerns. I think when 4.3 won't be included in the routine updates, it should also me deprecated.


The answer of Kibana's team:
4.2 and 4.3 are still supported in the sense that we'll answer questions and provide support services for them, but we do not intend to have any future 4.2 or 4.3 releases.

We occasionally ship updates to 4.1 purely for legacy reasons - it's the last release of Kibana that supports Elasticsearch v1.

Edit: We strongly recommend that people run the latest stable version, which is currently 4.5.0.

Comment 7 commit-hook freebsd_committer

2016-04-08 01:18:32 UTC

A commit references this bug:

Author: junovitch
Date: Fri Apr  8 01:18:03 UTC 2016
New revision: 412705
URL: https://svnweb.freebsd.org/changeset/ports/412705

Log:
  textproc/kibana42: mark DEPRECATED

  - Kibana 4.2 will no longer be updated by upstream. Upstream recommends
    using Kibana 4.5 (textproc/kibana45) which is only compatible with the
    current ports version of textproc/elasticsearch2 (Elasticsearch 2.3).

  PR:		208494
  Submitted by:	Sergey Kozlov <kozlov.sergey.404@gmail.com> (maintainer)

Changes:
  head/textproc/kibana42/Makefile

Comment 8 Jason Unovitch freebsd_committer

2016-04-08 01:20:43 UTC

(In reply to Sergey Kozlov from comment #6)
There are no open incidents against Kibana now at https://www.elastic.co/community/security but it makes sense to be proactive as upstream moves fast on cutting support.  I've extended the date slightly to align with a removal just before 2016Q3 gets cut.

Thank you Sergey.