a migration document is being worked on while we speak! It will additionally describe ways to automatically migrate pieces of the mwg 6 configuration over to mwg 7. ETA is this month.
One of the things the migration tool does NOT migrate is the RootCAs.
There are some challenges in doing so with the internal formats and the "Trust" attribute.
For example, in 6.8 you can have a pool of RootCAs and they can be globally trusted, but each policy can have a different set of trusts that can be applied.
Do you think it's good enough just to import the global CA list without distinguishing between the trust/no trust status for each policy? At least it would save on the manual import of each certificate.