RH8 apt-get weirdness

[mike808@users.sourceforge.net]

I was updating my KSPEI UML host and saw a strange message at the end.

Here's the log:

# apt-get upgrade
Reading Package Lists... Done
Building Dependency Tree... Done
The following packages will be upgraded
   perl-CGI (2.752-34.99.6 => 2.81-88.3)
   perl-CPAN (1.61-55 => 1.61-88.3)
   perl-DB_File (1.804-55 => 1.804-88.3)
3 upgraded, 0 newly installed, 0 removed and 0 not upgraded.
Need to get 455kB of archives.
After unpacking 221kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://ftp.kspei.com redhat/8.0/en/i386/updates-os perl-CGI 2:2.81-88.3 [188kB]
Get:2 http://ftp.kspei.com redhat/8.0/en/i386/updates-os perl-CPAN 2:1.61-88.3 [106kB]
Get:3 http://ftp.kspei.com redhat/8.0/en/i386/updates-os perl-DB_File 2:1.804-88.3 [161kB]
Fetched 455kB in 0s (1699kB/s)
Checking GPG signatures...
Committing changes...
Preparing...                ########################################### [100%]
   1:perl-CGI               ########################################### [ 33%]
   2:perl-CPAN              ########################################### [ 67%]
   3:perl-DB_File           ########################################### [100%]
Done.
error opening /boot/grub/grub.conf for read: No such file or directory


OK, does anyone else get a weird feeling when installing PERL modules from an APT repository are asking to mess with /boot/grub/grub.conf?

WTF is up wit dat? Who is building these CPAN modules and putting nasties in the RPMs? And then apparently they were signed. So much for digital signatures, eh?

Are we seeing the beginning of widely distributed compromised DEBs and RPMs with tricks taken from the Windows book of malware?

Mike/

-
To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.