On Mon, Aug 03, 2020 at 11:22:48AM -0400, Bruce Momjian wrote:
> On Sun, Aug 2, 2020 at 11:30:50PM -0700, Noah Misch wrote:
> > On Fri, Mar 23, 2018 at 07:47:39PM -0700, Noah Misch wrote:
> > > In light of the mixed reception, I am withdrawing this proposal.
> >
> > I'd like to reopen this. Reception was mixed, but more in favor than against.
> > Also, variations on the idea trade some problems for others and may be more
> > attractive. The taxonomy of variations has three important dimensions:
> >
> > Interaction with dump/restore (including pg_upgrade) options:
> > a. If the schema has a non-default ACL, dump/restore reproduces it.
> > Otherwise, the new default prevails.
> > b. Dump/restore always reproduces the schema ACL.
>
> I am worried that someone _slightly_ modifies the ACL permissions on the
> schema, and we reproduce it, and they think they are secure, but they
> are not. I guess for the public, and change would be to make it more
> secure, so maybe this works, but it seems tricky.
Unless someone advocates for (a), we have dodged that problem, right?