| From: | Noah Misch <noah(at)leadboat(dot)com> |
|---|---|
| To: | Bruce Momjian <bruce(at)momjian(dot)us> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: First draft of the PG 15 release notes |
| Date: | 2022-07-02 01:21:28 |
| Message-ID: | 20220702012128.GA2301877@rfd.leadboat.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, Jul 01, 2022 at 02:08:00PM -0400, Bruce Momjian wrote:
> On Wed, Jun 29, 2022 at 10:08:08PM -0700, Noah Misch wrote:
> > On Tue, Jun 28, 2022 at 04:35:45PM -0400, Bruce Momjian wrote:
> > > > > permissions on the <literal>public</literal> schema has not
> > > > > been changed. Databases restored from previous Postgres releases
> > > > > will be restored with their current permissions. Users wishing
> > > > > to have the old permissions on new objects will need to grant
> > > >
> > > > The phrase "old permissions on new objects" doesn't sound right to me, but I'm
> > > > not sure why. I think you're aiming for the fact that this is just a default;
> > > > one can still change the ACL to anything, including to the old default. If
> > > > these notes are going to mention the old default like they do so far, I think
> > > > they should also urge readers to understand
> > > > /docs/devel/ddl-schemas.html#DDL-SCHEMAS-PATTERNS
> > > > before returning to the old default. What do you think?
> > >
> > > Agreed, the new text is:
> > >
> > > Users wishing to have the former permissions will need to grant
> > > <literal>CREATE</literal> permission for <literal>PUBLIC</literal> on
> > > the <literal>public</literal> schema; this change can be made on
> > > <literal>template1</literal> to cause all new databases to have these
> > > permissions.
> >
> > What do you think about the "should also urge readers ..." part of my message?
>
> I see your point, that there is no indication of why you might not want
> to restore the old permissions. I created the attached patch which
> makes two additions to clarify this.
> --- a/doc/src/sgml/release-15.sgml
> +++ b/doc/src/sgml/release-15.sgml
> @@ -63,12 +63,11 @@ Author: Noah Misch <noah(at)leadboat(dot)com>
> permissions on the <literal>public</literal> schema has not
> been changed. Databases restored from previous Postgres releases
> will be restored with their current permissions. Users wishing
> - to have the former more-open permissions will need to grant
> + to have the former permissions will need to grant
> <literal>CREATE</literal> permission for <literal>PUBLIC</literal>
> on the <literal>public</literal> schema; this change can be made
> on <literal>template1</literal> to cause all new databases
> - to have these permissions. This change was made to increase
> - security.
> + to have these permissions.
> </para>
> </listitem>
Here's what I've been trying to ask: what do you think of linking to
/docs/devel/ddl-schemas.html#DDL-SCHEMAS-PATTERNS
here? The release note text is still vague, and the docs have extensive
coverage of the topic. The notes can just link to that extensive coverage.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Noah Misch | 2022-07-02 01:45:53 | Re: Time to remove unparenthesized syntax for VACUUM? |
| Previous Message | Masahiko Sawada | 2022-07-02 00:52:41 | Re: Issue with pg_stat_subscription_stats |