I noticed that sometimes on a subsequent run of this task it is not idempotent. It triggers a changed result because /usr/bin/screen showed up in the list of setuid/gid programs that needed to be audited.
The only thing I can figure is that the task that gathers the setuid/setgid program list is run in prelim.yml before any other tasks. Then there is a task in cat2.yml that runs and updates all out-of-date packages, i.e. V-38481. THEN in cat3.yml the setuid/gid list of programs is consumed.
I think moving the task out of prelim and putting it in a task block right before it needs to be consumed makes sense to fix this.
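
The ordering proposed above, sketched as an added example that is not part of the original issue or the role's own code: the setuid/setgid list is gathered in the same block that consumes it, so a package update earlier in the play cannot leave the list stale. The task names, the `suid_sgid_files` variable, the destination path and the audit rule format are assumptions.

```yaml
# Added example (hypothetical names and paths, not the role's actual tasks).
# Gather and consume in one block so the list reflects the filesystem
# as it is after any earlier package updates in the same play.
- name: Audit setuid/setgid programs (gather immediately before use)
  block:
    - name: Gather setuid/setgid files on the root filesystem
      ansible.builtin.shell: >
        find / -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
      register: suid_sgid_files        # hypothetical variable name
      changed_when: false              # read-only discovery, never reports "changed"
      check_mode: false                # still runs under --check so the list exists

    - name: Write one audit rule per setuid/setgid program found just now
      ansible.builtin.copy:
        dest: /etc/audit/rules.d/privileged.rules   # assumed path, adjust to the target OS
        owner: root
        group: root
        mode: "0600"
        # Sorted input keeps the rendered file stable, so a second run with
        # the same set of binaries reports "ok" rather than "changed".
        content: |
          {% for path in suid_sgid_files.stdout_lines %}
          -a always,exit -F path={{ path }} -F perm=x -F auid>=500 -F auid!=4294967295 -k privileged
          {% endfor %}
```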