On Tue, Jul 05, 2022 at 02:35:39PM -0400, Bruce Momjian wrote:
> On Fri, Jul 1, 2022 at 06:21:28PM -0700, Noah Misch wrote:
> > Here's what I've been trying to ask: what do you think of linking to
> > https://www.postgresql.org/docs/devel/ddl-schemas.html#DDL-SCHEMAS-PATTERNS
> > here? The release note text is still vague, and the docs have extensive
> > coverage of the topic. The notes can just link to that extensive coverage.
>
> Sure. how is this patch?
> --- a/doc/src/sgml/release-15.sgml
> +++ b/doc/src/sgml/release-15.sgml
> @@ -63,11 +63,12 @@ Author: Noah Misch <noah@leadboat.com>
> permissions on the <literal>public</literal> schema has not
> been changed. Databases restored from previous Postgres releases
> will be restored with their current permissions. Users wishing
> - to have the former permissions will need to grant
> + to have the former more-open permissions will need to grant
> <literal>CREATE</literal> permission for <literal>PUBLIC</literal>
> on the <literal>public</literal> schema; this change can be made
> on <literal>template1</literal> to cause all new databases
> - to have these permissions.
> + to have these permissions. This change was made to increase
> + security; see <xref linkend="ddl-schemas-patterns"/>.
> </para>
> </listitem>
I think this still puts undue weight on single-user systems moving back to the
old default. The linked documentation does say how to get back to v14
permissions (and disclaims security if you do so), so let's not mention it
here. The attached is how I would write it. I also reworked the "Databases
restored from previous ..." sentence, since its statement is also true of
databases restored v15-to-v15 (no "previous" release involved). I also moved
the bit about USAGE to end, since it's just emphasizing what the reader should
already assume. Any concerns?