CI/CD maturity isn't deploy frequency — it's rollback speed

The pattern

Pipeline maturity spectrum:

Level 1:  Manual deploys, no rollback plan
Level 2:  Automated deploys, manual rollback (30-60 min)
Level 3:  Automated deploys, scripted rollback (5-15 min)
Level 4:  Progressive delivery + auto-rollback on SLO breach
          (Rollback = automatic, measured in seconds)

Most orgs think they're at L3. Incidents reveal they're at L2.

The insight

Most orgs measure pipeline health by how fast they can ship. The metric that actually predicts reliability is how fast they can un-ship. The teams I've seen handle incidents best can rollback any change in under 5 minutes — not because of tools, but because they designed for it.

The non-obvious part

At scale, the teams who deploy most confidently are the ones who've made rollback boring and automatic — not the ones who've made deploys faster. Speed without a safety net is just a higher-velocity path to incidents.

My rule

→ If your rollback plan starts with 'first, find the last good commit...', you don't have a rollback plan. You have a recovery plan. These are not the same thing.

Worth reading

• ▸ Google SRE Book — Release Engineering & Change Management (ch. 8)
• ▸ Argo Rollouts docs — metric-gated progressive delivery and auto-rollback