Recently, we put some files in /etc/cron.d under salt control. During a time where we had to make some non-permanent local modifications to that file, we marked it immutable using chattr.
However, when the salt minion ran, it copied the controlled file down locally to a temp file name similar to the controlled file, was unable to overwrite it, and left the temp file there.
Well, for some files, that's fine.. for any *.d/ substructure, that creates a massive problem, as the temp files tend to get included.
IMO, in the case of immutable files, once the diff has been output to screen, temp files should be wiped out to avoid this problem at least if the containing folder has the regex "^.+.d$"
Good call, I will get this cleaned up