(In reply to comment #0)
> The following shell fragement generates a false positive:
> let rand=${RANDOM}%%${max}
> 
> If rpmlint encounters %% it should not report this.

There seems to be some bogosity in the percent-in-* check indeed, but note that
rpmlint does not encounter a "%%", PostCheck.py which reports the warning sees a
single "%" as it basically inspects the equivalent of the output of rpm -qp
--scripts mypackage.rpm

Oh, I think I see now.  So when it sees a % in the output of rpm -qp --scripts
mypackage.rpm, it thinks that some important macro may have not been substituted?

Seems like it would be safe to only look for %[a-z,A-Z]* though.

Right.  In case you've looked at the code, I have absolutely no idea why it
first checks if there's a (shell-uncommented) %, then if there's a %%, and if
the latter is found, it doesn't warn.  Maybe a thinko by whoever wrote that code.

I suppose using simply the regexp %{?\w would be a candidate fix.

The usage case for '%' within %post et al scriptlets is very obscure, and likely
to get worse when I expand scriptlets at install, not build, time by escaping
macro expansions.

FWIW a seiries of %%% followed by { is likelier to be an unexpanded -- which is an error - or
intentionally delayed by escaping -- which is not an error -- macro expansion than any conceivable
shell or CLI usage of %.

Yeah, it's already pretty much impossible to get this particular check to be too
reliable, and sounds like it might get even more so in the future.  Anyway, I
think changing the regexp is an improvement right now, so done upstream:
http://rpmlint.zarb.org/cgi-bin/trac.cgi/changeset/1338

rpmlint-0.81-1.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.