> 1) You always have the previous working system to boot into. If NetworkManager breaks, you may set up a pin locally for the old version, but that doesn't do you a lot of good if you don't have networking to download it =)
That's why front-ends like apt store previously downloaded packages and keep them in a cache on disk (I'm guessing yum might behave in a similar way).
> 2) The release manager has the option to push arbitrary versions at any time - the closest analogy I can think of would be if someone made a Debian package containing pins. Say it was like "known-good-versions.deb", that dropped a file into /etc/apt.conf.d/known-good-versions.conf.
In Debian, this role is taken by the testing distribution.
> Basically I think reverting back to older known good versions should be a nearly-constant operation in the development tree. It should be easy for both users and release managers.
Sure, but that does not really require downgrading, one can always prepare a new package that backs out a specific change, in the same way you'd do with a project on a git repository, going always forward (like your mozilla example). It does require someone to bisect the problematic code though, but that needs to be done anyway at some point. Either that or the user can revert to a previous local version.