On Tue, Jul 12, 2022 at 02:47:07PM -0400, Bruce Momjian wrote: > On Mon, Jul 11, 2022 at 11:31:32PM -0700, Noah Misch wrote: > > On Mon, Jul 11, 2022 at 12:39:57PM -0400, Bruce Momjian wrote: > > > I had trouble reading the sentences in the order you used so I > > > restructured it: > > > > > > The new default is one of the secure schema usage patterns that <xref > > > linkend="ddl-schemas-patterns"/> has recommended since the security > > > release for CVE-2018-1058. The change applies to newly-created > > > databases in existing clusters and for new clusters. Upgrading a > > > cluster or restoring a database dump will preserve existing permissions. > > > > I agree with the sentence order change. > > Great. > > > > For existing databases, especially those having multiple users, consider > > > issuing <literal>REVOKE</literal> to adopt this new default. For new > > > databases having zero need to defend against insider threats, granting > > > <literal>USAGE</literal> permission on their <literal>public</literal> > > > schemas will yield the behavior of prior releases. > > > > s/USAGE/CREATE/ in the last sentence. Looks good with that change. > > Ah, yes, of course.
Patch applied, I also adjusted the second paragraph to be more symmetric. You can see the results here: https://momjian.us/pgsql_docs/release-15.html -- Bruce Momjian <br...@momjian.us> https://momjian.us EDB https://enterprisedb.com Indecision is a decision. Inaction is an action. Mark Batterson