Re: First draft of the PG 15 release notes
Noah Misch <noah@leadboat.com>
On Tue, Jul 05, 2022 at 04:35:32PM -0400, Bruce Momjian wrote:
> On Tue, Jul 5, 2022 at 12:53:49PM -0700, Noah Misch wrote:
> > On Tue, Jul 05, 2022 at 02:35:39PM -0400, Bruce Momjian wrote:
> > > On Fri, Jul 1, 2022 at 06:21:28PM -0700, Noah Misch wrote:
> > > > Here's what I've been trying to ask: what do you think of linking to
> > > > https://www.postgresql.org/docs/devel/ddl-schemas.html#DDL-SCHEMAS-PATTERNS
> > > > here? The release note text is still vague, and the docs have extensive
> > > > coverage of the topic. The notes can just link to that extensive coverage.
> > >
> > > Sure. how is this patch?
> >
> > > --- a/doc/src/sgml/release-15.sgml
> > > +++ b/doc/src/sgml/release-15.sgml
> > > @@ -63,11 +63,12 @@ Author: Noah Misch <noah@leadboat.com>
> > > permissions on the <literal>public</literal> schema has not
> > > been changed. Databases restored from previous Postgres releases
> > > will be restored with their current permissions. Users wishing
> > > - to have the former permissions will need to grant
> > > + to have the former more-open permissions will need to grant
> > > <literal>CREATE</literal> permission for <literal>PUBLIC</literal>
> > > on the <literal>public</literal> schema; this change can be made
> > > on <literal>template1</literal> to cause all new databases
> > > - to have these permissions.
> > > + to have these permissions. This change was made to increase
> > > + security; see <xref linkend="ddl-schemas-patterns"/>.
> > > </para>
> > > </listitem>
> >
> > I think this still puts undue weight on single-user systems moving back to the
> > old default. The linked documentation does say how to get back to v14
> > permissions (and disclaims security if you do so), so let's not mention it
> > here. The attached is how I would write it. I also reworked the "Databases
> > restored from previous ..." sentence, since its statement is also true of
> > databases restored v15-to-v15 (no "previous" release involved). I also moved
> > the bit about USAGE to end, since it's just emphasizing what the reader should
> > already assume. Any concerns?
>
> I see where you are going --- to talk about how to convert upgraded
> clusters to secure clusters, rather than how to revert to the previous
> behavior. I assumed that the most common question would be how to get
> the previous behavior, rather than how to get the new behavior in
> upgraded clusters. However, I am fine with what you think is best.
Since having too-permissive ACLs is usually symptom-free, I share your
forecast about the more-common question. Expect questions on mailing lists,
stackoverflow, etc. The right way to answer those questions is roughly this:
> On PostgreSQL 15, my application gets "permission denied for schema
> public". What should I do?
You have a choice to make. The best selection depends on the security
needs of your database. See
https://www.postgresql.org/docs/devel/ddl-schemas.html#DDL-SCHEMAS-PATTERNS
for a guide to making that choice.
Recommending GRANT to that two-sentence question would be negligent. One
should know a database's lack of security needs before recommending GRANT.
This is a key opportunity to have more users make the right decision while
their attention is on the topic.
> My only stylistic suggestion would be to remove "a" from "a
> <literal>REVOKE</literal>".
I'll plan to push with that change.
Commits
-
Doc: last minute adjustment to the release notes
- bb76510a07f3 15.0 landed
-
Doc: more tweaking of v15 release notes.
- 780add2c32a7 15.0 landed
-
Doc: further adjust notes about pg_upgrade_output.d.
- fbd2bd15b011 16.0 landed
- 796aa20a11b4 15.0 landed
-
Doc: add list of major features to the v15 release notes.
- a2ab0ad88cf8 15.0 landed
-
relnotes: update item about public schema permission change
- f5135d2aba87 15.0 landed
-
relnotes: update ordered partition scan item
- de89d8711e2b 15.0 landed
-
relnotes: add Heikki to UTF8 item
- 335e444f2269 15.0 landed
-
relnotes: improve UTF8 text item in relation to ASCII
- 9499c0fcf488 15.0 landed
-
relnotes: add null logical replication item
- 3715850ecc52 15.0 landed
-
relnotes: adjust several logical replication items and FK text
- 25285e5d4ee5 15.0 landed
-
relnotes: mention non-exclusive backup mode was deprecated
- 6bfecf33f6ed 15.0 landed
-
relnotes: add author to in-memory sorts item
- d70b95a7178a 15.0 landed
-
relnotes: update for non-exclusive backup mode removal
- da82c6246986 15.0 landed
-
relnote: improve sorting entries
- 922d1a27e9bd 15.0 landed
-
relnotes: adjustments from Álvaro Herrera
- 78ccd6cca48d 15.0 landed
-
relnotes: update foreign key partition and add sort items
- 279d957efebb 15.0 landed
-
relnotes: more adjustments
- 38fbbb5bb293 15.0 landed
-
relnotes: logical replication permissions checked by subscrib.
- 581c4e5b3185 15.0 landed
-
relnotes: adjustments
- a3c5f56c213e 15.0 landed
-
relnotes: remove sequence replication and update 'postgres -C'
- 653443ed83f0 15.0 landed
-
relnote: extensive updates
- 9d89bb8a025d 15.0 landed
-
relnotes: "training" -> "trailing"
- 3c534949bbb0 15.0 landed
-
Standardize references to Zstandard as <productname>
- 586955dddecc 15.0 cited
-
pgstat: Update docs to match the shared memory stats reality.
- b3abca68106d 15.0 cited
-
Raise a WARNING for missing publications.
- 8f2e2bbf1453 15.0 cited
-
Skip empty transactions for logical replication.
- d5a9d86d8ffc 15.0 cited
-
Optionally disable subscriptions on error.
- 705e20f8550c 15.0 cited
-
Allow root-owned SSL private keys in libpq, not only the backend.
- 2a1f84636dc3 14.3 cited
-
Use COPY FREEZE in pgbench for faster benchmark table population.
- 06ba4a63b85e 15.0 cited