While the archive file format itself may be unchanged, package formats carry additional metadata, such as a manifest file or certain directory layouts.
Packages are an important component in managing the security and integrity of the software supply chain.
Packages containing executables and configuration can be digitally signed to establish the integrity of running software and protect against tampering.
[2] Package formats that support code signing include .deb (Debian), .msi (Microsoft Windows), .apk (Android) and .ipa (IOS, IPadOS).
Arch Linux's Pacman[11] and Slackware[12] use 'tar' archives with generic naming but specific internal structures.