[pliu]

The situation is now like this:

* In Debian Jessie, you can still install the Debian Elasticsearch package, but it will not receive security updates any longer.

* In future releases of Debian, this package will not be available in the main repo, but will still be available in the unstable or jessie-backports repos.

* Elasticsearch (the company) maintains its own Apt repositories where they will provide updated versions according to their support policies. If you add this repository to your Debian based systems you can install the (supported) Elasticsearch package with "apt-get install elasticsearch".

It is my opinion that you should not deploy the Debian ES package in a production setting. Use the vendor repo and save yourself a headache.

[dozzie]

Vendor packages are rarely properly built, so this is a large no-no for Elasticsearch.

[voltagex_]

Lintian says:

    E: elasticsearch: file-in-usr-marked-as-conffile usr/lib/systemd/system/elasticsearch.service
    E: elasticsearch: description-starts-with-package-name
    W: elasticsearch: description-too-long
    E: elasticsearch: extended-description-is-empty
    W: elasticsearch: non-standard-dir-perm etc/elasticsearch/ 0750 != 0755
    W: elasticsearch: executable-is-not-world-readable etc/elasticsearch/elasticsearch.yml 0750
    W: elasticsearch: executable-is-not-world-readable etc/elasticsearch/logging.yml 0750
    W: elasticsearch: non-standard-dir-perm etc/elasticsearch/scripts/ 0750 != 0755
    E: elasticsearch: dir-or-file-in-var-run var/run/elasticsearch/
    E: elasticsearch: postrm-contains-additional-updaterc.d-calls etc/init.d/elasticsearch
    W: elasticsearch: script-in-etc-init.d-not-registered-via-update-rc.d etc/init.d/elasticsearch
    W: elasticsearch: executable-not-elf-or-script etc/elasticsearch/elasticsearch.yml
    W: elasticsearch: executable-not-elf-or-script etc/elasticsearch/logging.yml
    W: elasticsearch: maintainer-script-calls-systemctl postinst:82
    W: elasticsearch: maintainer-script-calls-systemctl postrm:72
    W: elasticsearch: maintainer-script-calls-systemctl prerm:51

Doesn't look too bad, I'd want to fix the permissions but it's not the worst thing I've seen

[pliu]

I don't necessarily agree with this statement, but I suppose it depends on the vendor huh.

For what it's worth, I am currently running off the official packages at moderate scale (~30 machines all together) and have not yet had an issue with it, though it's certainly possible that one will arise and I will thereafter curse Elasticsearch forever.

In this particular case though, security updates are critical, so what other choice is there unless you want to package your own?

[thawkins]

The redhat/fedora repository versions of ES are so badly broken that they are a hazzard. It would be a service for redhat to pull them too.