We took a big step towards truly hands-off releases by doing a (very early) Firefox 2.0.0.7 RC1 with the Buildbot-enabled release automation system. There are still some kinks to work out, but overall things are looking great.

The elapsed machine time from "code freeze" to "ready to ship" was ~15 hours, actual time was +12h or so waiting for someone to do the signing. This does not include time for QA, but a lot of that can be interleaved, and hopefully further automated for maintenance releases (as they generally include no new features).

I know that we're already very good (10FD ftw), but I know we can do better. Imagine with me, if you will, that we had a timeline like this:

Day 1 - security exploit announced

Day 2- RC available

Day 3 - fix available on auto-update

Are there any other software vendors that ship security fixes to a locally-installed application on such a compressed schedule? I'd really like to know; please leave me a comment or email me privately if it's sensitive. I'd love to be able to measure how we're doing, and that's tough without knowing how others measure this.

On a more general note, I think that release automation software should become a commodity just as web servers, continuous integration systems, etc. have. If you want to help out or just see what we're doing, check out the Mozilla release automation docs.