We've just published a new build, so head on over to the Latest Builds page to check it out. The new build contains a new HardenedBSD-only change (so a change we will not upstream) that adds a sysctl tunable to fully disable mmap(MAP_32BIT) support on amd64. Mappings that reside only in the 32bit address space don't have enough bits to randomize, so disabling this feature entirely removes one more attack vector. Now that pkg 1.3.7 is out, we're building our first pkg repo.