Why is pkg(8) so frequently updated?

Today it might make sense with all the work on pkg-base even before pkg-base, I would see pkg upgrade itself almost every time I ran pkg upgrade.

What's going on here? Why is pkg(8) so maintenance intensive?
 
It's absolutely a supply-chain attack target. Everyday someone is trying to spread malicious code through this default portal.

I wonder if it also interchanges the executable fingerprint with rhe official binary suppliers to catch systems with a suspicious client.
 
Back
Top