The SourceForge site was hacked last week, with the attackers going as far as putting a hacked SSH daemon in place.
Since hacking pushes one towards paranoia, let’s go there for a minute.
An attacker being able to change source-code in any SourceForge repository, bypassing change-logs and hacking files’ time-stamps, could introduce compromised source-code to a lot of open-source projects that touch on security. The commercial packages that rely on them multiplies that compromise up by who-knows-how-much.
Wow. Ugly.