"Adam D. Barratt" <[email protected]> writes: > We currently have two different certainty levels for the embedded-* > checks. embedded-{feedparser,javascript,php}-library are all Certain, > whereas embedded-pear-module is Possible. > > In general, that's because the tests for the first three tags are > significantly less likely than the PEAR check to generate false > positives; they're obviously not foolproof though. > > Lowering the severity to Possible still includes the tag in the default > output and continues to equate to a warning tag so I'm likely to do so > shortly unless anyone has any objections, at least for the Javascript > and PHP checks.
Yes, please. I don't think anything that just matches a filename should be Certain. I think we should also seriously consider deleting the regex for yahoo.js until someone develops a file content check for it, since we know it has false positives, unless someone feels strongly that this is something we really need to check. -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
