No, we haven't started it. It's a request for comments on the plan.
As for the brute-force attack, it seems to indicate a misunderstanding of the purpose of the proposed change. It's not meant to make it impossible for people to find the information they want. That it can be brute-forced is not important. What's important is that Linux-libre wouldn't be at fault if a user was determined to fall in the trap.
I don't see how such a userland script would be useful for someone who wants to run only Free Software, which is our primary target audience, so I wouldn't be inclined to add it, but I don't think there'd be objections if someone wrote it and published it.
For blobs included in (non-Free) Linux, you can get the blob names from the deblobbing logs, published along with the tarball. For blobs not included in Linux, patterns that match their names can be easily extracted from the deblobbing script, although exhaustive search on all expansions of some of the regular expressions might be a bit more work than you'd wish.
Mr Corbet, I get the impression you may have missed the link to the Linux-libre web page in the section About Linux-libre: http://linux-libre.fsfla.org/.
There, people would find links to our source releases as well as binary releases for various distros. Pointing links only to the source release makes the project look far more limited than it is. I'll give you that the link could have given more visibility, though ;-)
BTW, the address of our mailing list, email@example.com, got mangled in the copy of the article you published. Would you like us to forward unmangled announcements directly to you next time?