Mention exactly what you used it for (e.g., "shipping electronics" or "packaging Linux binaries").

Security is another area where the format excels. Packages can be digitally signed to verify the software's authenticity. This reduces the risk of users running malicious clones of a program. On platforms like macOS, using a signed pkg helps bypass strict security warnings that often flag unidentified standalone binaries. Furthermore, a pkg installation provides the system with a history of what was installed and where, making it easier for security audits and clean uninstalls. User and Admin Experience

Third principle: encapsulate intent. A bin is storage; a package is a contract. Each package declared what it should do and what it would not. She added lightweight metadata fields: runtime category, backward-compatibility guarantee, deprecation timeline. When an on-call engineer opened a package manifest during an incident, they could see whether behavior had changed or whether the package maintained the stability the incident depended on. The number of “surprise regressions” in release notes dropped by half in the next sprint.