Another ping about this (noticed it while going through a list of backlogged TODOs at my workplace). The code to implement this is written, pushed, and ready for review at https://salsa.debian.org/ArrayBolt3/policyrcd-script-zg2. (I didn't fork your repo because Salsa wasn't letting me at the time.) If this could still be looked at, that would be awesome.
Thanks, -- Aaron
pgpDgPICJ0zb1.pgp
Description: OpenPGP digital signature
