Re: First draft of the PG 15 release notes

Bruce Momjian <bruce@momjian.us>

From: Bruce Momjian <bruce@momjian.us>
To: Noah Misch <noah@leadboat.com>
Cc: PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2022-07-05T20:35:32Z
Lists: pgsql-hackers
On Tue, Jul  5, 2022 at 12:53:49PM -0700, Noah Misch wrote:
> On Tue, Jul 05, 2022 at 02:35:39PM -0400, Bruce Momjian wrote:
> > On Fri, Jul  1, 2022 at 06:21:28PM -0700, Noah Misch wrote:
> > > Here's what I've been trying to ask: what do you think of linking to
> > > https://www.postgresql.org/docs/devel/ddl-schemas.html#DDL-SCHEMAS-PATTERNS
> > > here?  The release note text is still vague, and the docs have extensive
> > > coverage of the topic.  The notes can just link to that extensive coverage.
> > 
> > Sure. how is this patch?
> 
> > --- a/doc/src/sgml/release-15.sgml
> > +++ b/doc/src/sgml/release-15.sgml
> > @@ -63,11 +63,12 @@ Author: Noah Misch <noah@leadboat.com>
> >        permissions on the <literal>public</literal> schema has not
> >        been changed.  Databases restored from previous Postgres releases
> >        will be restored with their current permissions.  Users wishing
> > -      to have the former permissions will need to grant
> > +      to have the former more-open permissions will need to grant
> >        <literal>CREATE</literal> permission for <literal>PUBLIC</literal>
> >        on the <literal>public</literal> schema; this change can be made
> >        on <literal>template1</literal> to cause all new databases
> > -      to have these permissions.
> > +      to have these permissions.  This change was made to increase
> > +      security;  see <xref linkend="ddl-schemas-patterns"/>.
> >       </para>
> >      </listitem>
> 
> I think this still puts undue weight on single-user systems moving back to the
> old default.  The linked documentation does say how to get back to v14
> permissions (and disclaims security if you do so), so let's not mention it
> here.  The attached is how I would write it.  I also reworked the "Databases
> restored from previous ..." sentence, since its statement is also true of
> databases restored v15-to-v15 (no "previous" release involved).  I also moved
> the bit about USAGE to end, since it's just emphasizing what the reader should
> already assume.  Any concerns?

I see where you are going --- to talk about how to convert upgraded
clusters to secure clusters, rather than how to revert to the previous
behavior.  I assumed that the most common question would be how to get
the previous behavior, rather than how to get the new behavior in
upgraded clusters.  However, I am fine with what you think is best.

My only stylistic suggestion would be to remove "a" from "a
<literal>REVOKE</literal>".

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EDB                                      https://enterprisedb.com

  Indecision is a decision.  Inaction is an action.  Mark Batterson




Commits

  1. Doc: last minute adjustment to the release notes

  2. Doc: more tweaking of v15 release notes.

  3. Doc: further adjust notes about pg_upgrade_output.d.

  4. Doc: add list of major features to the v15 release notes.

  5. relnotes: update item about public schema permission change

  6. relnotes: update ordered partition scan item

  7. relnotes: add Heikki to UTF8 item

  8. relnotes: improve UTF8 text item in relation to ASCII

  9. relnotes: add null logical replication item

  10. relnotes: adjust several logical replication items and FK text

  11. relnotes: mention non-exclusive backup mode was deprecated

  12. relnotes: add author to in-memory sorts item

  13. relnotes: update for non-exclusive backup mode removal

  14. relnote: improve sorting entries

  15. relnotes: adjustments from Álvaro Herrera

  16. relnotes: update foreign key partition and add sort items

  17. relnotes: more adjustments

  18. relnotes: logical replication permissions checked by subscrib.

  19. relnotes: adjustments

  20. relnotes: remove sequence replication and update 'postgres -C'

  21. relnote: extensive updates

  22. relnotes: "training" -> "trailing"

  23. Standardize references to Zstandard as <productname>

  24. pgstat: Update docs to match the shared memory stats reality.

  25. Raise a WARNING for missing publications.

  26. Skip empty transactions for logical replication.

  27. Optionally disable subscriptions on error.

  28. Allow root-owned SSL private keys in libpq, not only the backend.

  29. Use COPY FREEZE in pgbench for faster benchmark table population.