Bug#515690: embedded-javascript-library: not so certain
"Adam D. Barratt" <adam@adam-barratt.org.uk> writes:
> We currently have two different certainty levels for the embedded-*
> checks. embedded-{feedparser,javascript,php}-library are all Certain,
> whereas embedded-pear-module is Possible.
>
> In general, that's because the tests for the first three tags are
> significantly less likely than the PEAR check to generate false
> positives; they're obviously not foolproof though.
>
> Lowering the severity to Possible still includes the tag in the default
> output and continues to equate to a warning tag so I'm likely to do so
> shortly unless anyone has any objections, at least for the Javascript
> and PHP checks.
Yes, please. I don't think anything that just matches a filename should
be Certain.
I think we should also seriously consider deleting the regex for yahoo.js
until someone develops a file content check for it, since we know it has
false positives, unless someone feels strongly that this is something we
really need to check.
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
Reply to: