The repository league/iso3166 changed the source
from https://github.com/thephpleague/iso3166.git
to https://github.com/alcohol/iso3166.git.
The user alcohol posted at https://github.com/alcohol/iso3166/issues/111
I made this package years ago under the league organization because someone suggested I do so, and I figured, why not. But at the same time I also maintain another ISO package, which has always existed under my own account.
Because I am short on time, and want to simplify things to make my own life easier, I'm looking at ways to bring both packages more in sync (interfaces wise but also infrastructural). One of the first steps, was to simply move the repository from the league organization to my own personal account.
So no, it's not a hijacking or anything along those lines. It's just me slowly making things easier for myself.
How can one verify if this repository transfer is legitimate and the account hasn't been compromised?
From the superuser comments it seems like one cannot be sure. But how do we handle this?
In the mean time I feel like this cannot be answered, but I would feel stupid continuing without even asking.