Disagree. My 2 cents as a watcher, administrator and user:
Then don’t take the release! If a release contains security patches (so they should take it), then I don’t see how hiding the issue by holding back the release helps.
Massively disagree. Frequent release to me give the impression of an actively maintained and evolving project. And there are a lot of changes in the HTTP space (HTTP/2, move to encryption, increased awareness on security...etc.).
Discussed above. And nginx releases monthly (http://nginx.org/en/CHANGES) which I’d be happy if Apache HTTPD moved to.
I do wish Apache would run its own “official” repo to make upgrading to latest easier. Don’t have the expertise to help with this and understand it was done in the past and given up due to lack of people who did but still think it’s a shame we don’t. I think this is an area nginx does stand out. Upgrading Nginx is often as simple as “yum update” or “apt-get”. They even run a repo for their mainline version for those that want to be bleeding edge.
And some people are still running Apache Httpd 2.2 or 2.4.6. I don’t think that’s anything to do with the frequency of releases.
Maybe, but that’s not the world we live in. And others want features and we shouldn’t give the impression Httpd is legacy because it lacks the features other web servers may have. Stay on packages managed version of 2.4.6 if you want and just take the security updates that your package manager is responsible to include.