Enabling this is trivial, the question is: is there any reason we *can't* enable this? Who's responsible for this service and might know of exceptions like mixed-content, or HTTPS-incapable tools which rely on it, etc? [note this a generic message being tacked into the description of several similar tickets]
Re: rolematcher - the only real host I could trace it to in puppetization was fluorine. However, post-merge the update did not get applied there, so I think through some indirection I didn't look at closely enough, it's not really being actively deployed anywhere. I was under the impression udp2log was dead/dying anyways, so that's probably why!