Bug 208494 - textproc/kibana42: deprecate
Summary: textproc/kibana42: deprecate
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Jason Unovitch
Depends on:
Reported: 2016-04-03 23:06 UTC by Serhii (Sergey) Kozlov
Modified: 2016-04-08 01:20 UTC (History)
1 user (show)

See Also:
skozlov: maintainer-feedback+

Patch (445 bytes, patch)
2016-04-03 23:06 UTC, Serhii (Sergey) Kozlov
skozlov: maintainer-approval+
Details | Diff
Portlint log (373 bytes, text/plain)
2016-04-03 23:09 UTC, Serhii (Sergey) Kozlov
skozlov: maintainer-approval+

Note You need to log in before you can comment on or make changes to this bug.
Description Serhii (Sergey) Kozlov freebsd_committer 2016-04-03 23:06:56 UTC
Created attachment 168947 [details]

Deprecate Kibana 4.2 due to not being updated upstream anymore.

Two times in a row the version wasn't included in regular bugfix updates:
1. https://www.elastic.co/blog/kibana-4-4-1-and-4-3-2-and-4-1-5
2. https://www.elastic.co/blog/kibana-4-4-2-and-4-3-3-and-4-1-6
Comment 1 Serhii (Sergey) Kozlov freebsd_committer 2016-04-03 23:08:42 UTC
Do _not_ commit before bug #208493
Comment 2 Serhii (Sergey) Kozlov freebsd_committer 2016-04-03 23:09:36 UTC
Created attachment 168948 [details]
Portlint log
Comment 3 Jason Unovitch freebsd_committer 2016-04-04 01:42:23 UTC
I'd prefer to reference something that says Elasticsearch 2.0 is EOL by the Elastic folks rather then just not getting updates anymore.  I'm looking for a reference for that now.
Comment 4 Jason Unovitch freebsd_committer 2016-04-04 02:19:03 UTC
Wikipedia lists Elasticsearch 2.0 as supported at https://en.wikipedia.org/wiki/Elasticsearch and the list of supported versions on Wikipedia matches https://www.elastic.co/support/matrix#show_os.  The preemptive moved to kibana45 as the master port for the other slaves makes sense but I'm not entirely sure that now is the time to tag this as a deprecated port.
Comment 5 Serhii (Sergey) Kozlov freebsd_committer 2016-04-04 18:34:41 UTC
(In reply to Jason Unovitch from comment #4)

You're right, I think I should have investigated that more through before posting the patch. I was thinking that it's better to be safe then sorry, because unmaintained software can potentially contain security vulnerabilities.

I've created a topic with the question on Elastic's forums:
Comment 6 Serhii (Sergey) Kozlov freebsd_committer 2016-04-06 18:43:23 UTC
(In reply to Sergey Kozlov from comment #5)

According to the reply of the Kibana's team I still vote for deprecation of the port due to a security concerns. I think when 4.3 won't be included in the routine updates, it should also me deprecated.

The answer of Kibana's team:
4.2 and 4.3 are still supported in the sense that we'll answer questions and provide support services for them, but we do not intend to have any future 4.2 or 4.3 releases.

We occasionally ship updates to 4.1 purely for legacy reasons - it's the last release of Kibana that supports Elasticsearch v1.

Edit: We strongly recommend that people run the latest stable version, which is currently 4.5.0.
Comment 7 commit-hook freebsd_committer 2016-04-08 01:18:32 UTC
A commit references this bug:

Author: junovitch
Date: Fri Apr  8 01:18:03 UTC 2016
New revision: 412705
URL: https://svnweb.freebsd.org/changeset/ports/412705

  textproc/kibana42: mark DEPRECATED

  - Kibana 4.2 will no longer be updated by upstream. Upstream recommends
    using Kibana 4.5 (textproc/kibana45) which is only compatible with the
    current ports version of textproc/elasticsearch2 (Elasticsearch 2.3).

  PR:		208494
  Submitted by:	Sergey Kozlov <kozlov.sergey.404@gmail.com> (maintainer)

Comment 8 Jason Unovitch freebsd_committer 2016-04-08 01:20:43 UTC
(In reply to Sergey Kozlov from comment #6)
There are no open incidents against Kibana now at https://www.elastic.co/community/security but it makes sense to be proactive as upstream moves fast on cutting support.  I've extended the date slightly to align with a removal just before 2016Q3 gets cut.

Thank you Sergey.