On Mon, Apr 28, 2008 at 9:05 AM, Alan Pritt <alan@humte.com> wrote:
On 28 Apr 2008, at 15:57, catch wrote:
[...] there's clearly non-trivial resources involved in 12 months additional
maintenance of a core release.
Can anyone estimate what security only (no other bug fixes) support would cost in man hours?
It depends on the situation. Personally, I easily spend 10-20 hours on a 5.x security release. It varies a lot depending on the straightforwardness of the fixes and who is helping. At least 3 people, two branch maintainers and the security team lead, spend up to 4 hours online to make the release, others are online to help. Various people review every incoming message and examine potential vulnerabilities. Various people write and review patches; a good patch review takes at least 30 minutes. Security releases are not straightforward, easy, or cheap. -- Neil Drumm http://delocalizedham.com