in 9.2 ca-root-nss is in ports not main and fetch doesn't take any options
relating to peer verification (no verification can be done).  In 10 we can get
and use ca root certs to verify our https connection to github, so we should.