From: Dan Mahoney <>
Date: Tue, 08 Feb 2022 20:03:39 UTC

Now that FreeBSD seems to be handling root ssl certs internally, will the ca_root_nss port/package go away at some point?  (Or rather, stop being a dependency of other packages?  I.e. if you want to trust ca_root_nss you can install it, but the OS baseline is what things like "curl" default to trusting.

Is there a good explainer somewhere about what differs between ca_root_nss and the OS builtins?