GitLab

The README discussion in #1029 caused me to look more closely at the file than usual.

There are at least 4 instances of http: URIs that should be https:

There are quite a few http: URIs in the doc tree as well - but you can't do a global substitution. For example, there are references to the statistics channel, which does not support SSL/TLS. Except for those special cases, pretty much everyone supports https: - for security, for search engine ranking, to avoid browser warnings. And because it's now best practice.

Most of the http: URIs redirect to https: (including the Mozilla license and the XSL schemas), but this doesn't prevent MITM issues.

Of course these aren't financially or privacy sensitive references, but knowing ISC's interest in internet hygiene, I thought I should point them out.

In the medium-long term http is being defacto deprecated. (None of my external-facing sites have responded to http: for years...which until recently, dramatically cut down on the unwanted probes.)