Rpmlint: missing-call-to-setgroups-before-setuid

I created an RPM package. It seems Ok.
But running rpmlint I get this error:

hasciicam.x86_64: E: missing-call-to-setgroups-before-setuid /usr/bin/hasciicam
This executable is calling setuid and setgid without setgroups or initgroups.
There is a high probability this means it didn't relinquish all groups, and
this would be a potential security issue to be fixed. Seek POS36-C on the web
for details about the problem.

In the source code there are these two lines:

setuid (uid);
setgid (gid);

Should they be reversed?

It’s not so simple, eh?

It depends whether this is about giving up or gaining privileges. For giving up privileges, setuid should come last.

In all cases, you need proper error checking, handle supplementary groups, and scrub other parts of the process state (environment variables, umask, file descriptors, etc.).