according to PHP maintainers, this malicious activity stemmed from the compromised git.php.net server, rather than compromise of an individual's Git account. As a precaution following this ...