>> I've always disliked using compressed tar format for packages anyway--it
>> makes it inefficient to examine or extract components without reading
>> the whole thing.  Last I looked at the package code (5+ years ago),

FWIW, the simple pkg_add script I mentioned earlier handles a directory as the
package.  On space/cpu constrained systems you can unpack as you download, then
run pkg_add against the directory.  This is eaier to do if the package contains
.sig's for all the important files.  If there were a +CONTENTS.sig, then it 
would be simple to verify that and bail if it fails or if any files listed 
were missing or any files present that were not listed.

--sjg