APT whitelist request for puredata-dev

[umlaeute]

[travisbot]

_This is an automated comment._

Ran tests and found setuid bits by purely textual search. Further analysis is required.

If these are found to be benign, examine http://github.com/travis-ci/apt-package-whitelist/tree/test-apt-package-whitelist-1105 and its PR.

Packages found: puredata puredata-core puredata-gui puredata-doc puredata-dev puredata-utils puredata-extra

See https://travis-ci.org/travis-ci/apt-whitelist-checker/builds/78739238 for details.

[umlaeute]

just to explain the setuid stuff: Pd (aka puredata, the source package for puredata-dev) is a real-time audio processing system. as such it is often run with higher-than-normal privileges. in order to obtain real-time privileges, Pd can be run with setuid enabled, and this is mentioned in the documentation (most hits in the travis test-scripts returned documentation). if the puredata binary is setuid'ed, it drops root-priviliges asap; for doing this, the code contains a few setuid(getuid()) calls (explaining the other hits).

The binaries in the Debian packages do not have the setuid bit set.

anyhow, all this only concerns the puredata-core package; the request was about puredata-dev which only contains a bunch of headers and no executable code.

[travisbot]

This is an automated comment.

Ran tests and found setuid bits by purely textual search. Further analysis is required.

If these are found to be benign, examine http://github.com/travis-ci/apt-package-whitelist/compare/test-apt-package-whitelist-1105 and its PR.

Packages found: puredata puredata-core puredata-gui puredata-doc puredata-dev puredata-utils puredata-extra

See https://travis-ci.org/travis-ci/apt-whitelist-checker/builds/440491858 for details.

[umlaeute]

is this real?

*Ubuntu 14.04 (trusty)" had puredata-0.45. i can't remember which Ubuntu version had puredata-0.43 (it was released in 2012).