Re: First draft of the PG 15 release notes - Mailing list pgsql-hackers

From Noah Misch
Subject Re: First draft of the PG 15 release notes
Date
Msg-id 20220702012128.GA2301877@rfd.leadboat.com
Whole thread Raw
In response to Re: First draft of the PG 15 release notes  (Bruce Momjian <bruce@momjian.us>)
Responses Re: First draft of the PG 15 release notes
List pgsql-hackers
On Fri, Jul 01, 2022 at 02:08:00PM -0400, Bruce Momjian wrote:
> On Wed, Jun 29, 2022 at 10:08:08PM -0700, Noah Misch wrote:
> > On Tue, Jun 28, 2022 at 04:35:45PM -0400, Bruce Momjian wrote:

> > > > >       permissions on the <literal>public</literal> schema has not
> > > > >       been changed.  Databases restored from previous Postgres releases
> > > > >       will be restored with their current permissions.  Users wishing
> > > > >       to have the old permissions on new objects will need to grant
> > > > 
> > > > The phrase "old permissions on new objects" doesn't sound right to me, but I'm
> > > > not sure why.  I think you're aiming for the fact that this is just a default;
> > > > one can still change the ACL to anything, including to the old default.  If
> > > > these notes are going to mention the old default like they do so far, I think
> > > > they should also urge readers to understand
> > > > https://www.postgresql.org/docs/devel/ddl-schemas.html#DDL-SCHEMAS-PATTERNS
> > > > before returning to the old default.  What do you think?
> > > 
> > > Agreed, the new text is:
> > > 
> > >     Users wishing to have the former permissions will need to grant
> > >     <literal>CREATE</literal> permission for <literal>PUBLIC</literal> on
> > >     the <literal>public</literal> schema; this change can be made on
> > >     <literal>template1</literal> to cause all new databases to have these
> > >     permissions.
> > 
> > What do you think about the "should also urge readers ..." part of my message?
> 
> I see your point, that there is no indication of why you might not want
> to restore the old permissions.  I created the attached patch which
> makes two additions to clarify this.

> --- a/doc/src/sgml/release-15.sgml
> +++ b/doc/src/sgml/release-15.sgml
> @@ -63,12 +63,11 @@ Author: Noah Misch <noah@leadboat.com>
>        permissions on the <literal>public</literal> schema has not
>        been changed.  Databases restored from previous Postgres releases
>        will be restored with their current permissions.  Users wishing
> -      to have the former more-open permissions will need to grant
> +      to have the former permissions will need to grant
>        <literal>CREATE</literal> permission for <literal>PUBLIC</literal>
>        on the <literal>public</literal> schema; this change can be made
>        on <literal>template1</literal> to cause all new databases
> -      to have these permissions.  This change was made to increase
> -      security.
> +      to have these permissions.
>       </para>
>      </listitem>

Here's what I've been trying to ask: what do you think of linking to
https://www.postgresql.org/docs/devel/ddl-schemas.html#DDL-SCHEMAS-PATTERNS
here?  The release note text is still vague, and the docs have extensive
coverage of the topic.  The notes can just link to that extensive coverage.



pgsql-hackers by date:

Previous
From: Masahiko Sawada
Date:
Subject: Re: Issue with pg_stat_subscription_stats
Next
From: Noah Misch
Date:
Subject: Re: Time to remove unparenthesized syntax for VACUUM?