[Foo2zjs-maintainer] Bug#503813: foo2zjs: getweb script depends on non-free firmware

Michael Gilbert michael.s.gilbert at gmail.com
Fri Oct 31 12:41:25 UTC 2008


i'll go ahead and start the discussion since no one else is running
with it.  this matter is rather urgent since the problem is now being
considered release-critical for lenny.  i see three possible courses
of action:

1.  ignore the problem:  mark the bug wontfix
rationale:  the firmware fetching stuff is a small component of the
package and the debian policy is not explicitly clear on the matter
cons: leaves vector for possible security attacks and script can
become non-functional (e.g. getweb has been non-functional for over a
year in etch)

2.  fix the problem now:  either remove getweb completely or make a
separate foo2zjs-contrib package with just getweb, and have this ready
for the lenny release
rationale: since getweb is a security risk and could break, it should
be eliminated
cons: less functionality for user.  some work for the maintainer.

3.  fix the problem later: same as above, but tag lenny-ignore
rationale:  same as above, but with limited time, this is the path
of least resistance
cons: same as above, but leaves users vulnerable during the lenny time frame.

there is also the matter of whether the policy should be clarified for
this type of situation -- and whether all other cases of fetching
scripts should be tagged release-critical.  i will leave this for
further discussion since it isn't so urgent.

let me again stress that action is URGENT since this is
release-critical for lenny.

regards,
mike
