Heads Up: PHP's Git server hacked to add backdoors to PHP source code

Seems they didn’t get pushed out to other repos, particularly Ubuntu.

Not clear to me that migrating to GitHub is the best solution for them. It seems like everyone is moving to this platform which means huge juicy single point of failure.


I heard about this on Security Now. Gibson’s view was that the hacker clearly didn’t mean any harm. He made the commits extremely obvious and intended as a (very bad) joke! There doesn’t appear to be an danger to PHP users.

Still, not good that they managed to get into their git server!

Is this an April Fool’s prank?

No, it is not a prank.