Re: First draft of the PG 15 release notes - Mailing list pgsql-hackers
| From | Bruce Momjian |
|---|---|
| Subject | Re: First draft of the PG 15 release notes |
| Date | |
| Msg-id | YsSglBBxcPSUDwUb@momjian.us Whole thread Raw |
| In response to | Re: First draft of the PG 15 release notes (Noah Misch <noah@leadboat.com>) |
| Responses |
Re: First draft of the PG 15 release notes
|
| List | pgsql-hackers |
On Tue, Jul 5, 2022 at 12:53:49PM -0700, Noah Misch wrote: > On Tue, Jul 05, 2022 at 02:35:39PM -0400, Bruce Momjian wrote: > > On Fri, Jul 1, 2022 at 06:21:28PM -0700, Noah Misch wrote: > > > Here's what I've been trying to ask: what do you think of linking to > > > https://www.postgresql.org/docs/devel/ddl-schemas.html#DDL-SCHEMAS-PATTERNS > > > here? The release note text is still vague, and the docs have extensive > > > coverage of the topic. The notes can just link to that extensive coverage. > > > > Sure. how is this patch? > > > --- a/doc/src/sgml/release-15.sgml > > +++ b/doc/src/sgml/release-15.sgml > > @@ -63,11 +63,12 @@ Author: Noah Misch <noah@leadboat.com> > > permissions on the <literal>public</literal> schema has not > > been changed. Databases restored from previous Postgres releases > > will be restored with their current permissions. Users wishing > > - to have the former permissions will need to grant > > + to have the former more-open permissions will need to grant > > <literal>CREATE</literal> permission for <literal>PUBLIC</literal> > > on the <literal>public</literal> schema; this change can be made > > on <literal>template1</literal> to cause all new databases > > - to have these permissions. > > + to have these permissions. This change was made to increase > > + security; see <xref linkend="ddl-schemas-patterns"/>. > > </para> > > </listitem> > > I think this still puts undue weight on single-user systems moving back to the > old default. The linked documentation does say how to get back to v14 > permissions (and disclaims security if you do so), so let's not mention it > here. The attached is how I would write it. I also reworked the "Databases > restored from previous ..." sentence, since its statement is also true of > databases restored v15-to-v15 (no "previous" release involved). I also moved > the bit about USAGE to end, since it's just emphasizing what the reader should > already assume. Any concerns? I see where you are going --- to talk about how to convert upgraded clusters to secure clusters, rather than how to revert to the previous behavior. I assumed that the most common question would be how to get the previous behavior, rather than how to get the new behavior in upgraded clusters. However, I am fine with what you think is best. My only stylistic suggestion would be to remove "a" from "a <literal>REVOKE</literal>". -- Bruce Momjian <bruce@momjian.us> https://momjian.us EDB https://enterprisedb.com Indecision is a decision. Inaction is an action. Mark Batterson
pgsql-hackers by date: