diff --git a/doc/src/sgml/ddl.sgml b/doc/src/sgml/ddl.sgml index ed034a6b1d..ee7ebb8ec5 100644 --- a/doc/src/sgml/ddl.sgml +++ b/doc/src/sgml/ddl.sgml 
@@ -3224,26 +3224,26 @@ REVOKE CREATE ON SCHEMA public FROM PUBLIC; CREATEROLE user can issue "GRANT $dbowner TO $me" and then use the database owner attack. --> - Constrain ordinary users to user-private schemas. To implement this, - first issue REVOKE CREATE ON SCHEMA public FROM - PUBLIC. Then, for every user needing to create non-temporary - objects, create a schema with the same name as that user. Recall that - the default search path starts with $user, which - resolves to the user name. Therefore, if each user has a separate - schema, they access their own schemas by default. After adopting this - pattern in a database where untrusted users had already logged in, - consider auditing the public schema for objects named like objects in - schema pg_catalog. This pattern is a secure schema - usage pattern unless an untrusted user is the database owner or holds - the CREATEROLE privilege, in which case no secure + Constrain ordinary users to user-private schemas. For every user + needing to create non-temporary objects, create a schema with the same + name as that user. Recall that the default search path starts with + $user, which resolves to the user name. Therefore, + if each user has a separate schema, they access their own schemas by + default. This pattern is a secure schema usage pattern unless an + untrusted user is the database owner or holds the + CREATEROLE privilege, in which case no secure schema usage pattern exists. If the database originated in an upgrade from PostgreSQL 14 or earlier, - the REVOKE is essential. Otherwise, the default - configuration follows this pattern; ordinary users can create only - temporary objects until a privileged user furnishes a schema. + it is necessary to execute REVOKE CREATE ON SCHEMA public + FROM PUBLIC in order to implement this pattern, + because those versions granted the CREATE privilege + on the public schema to PUBLIC. 
+ After this REVOKE, consider auditing the public + schema for objects named like objects in + schema pg_catalog.
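Review bot: the rewrite drops the old closing sentence "Otherwise, the default configuration follows this pattern; ordinary users can create only temporary objects until a privileged user furnishes a schema" without a replacement, so a reader of a fresh PostgreSQL 15-or-later database no longer learns that no REVOKE is needed there and that ordinary users are already limited to temporary objects until a schema is provided. Consider keeping that sentence after the new "because those versions granted the CREATE privilege on the public schema to PUBLIC" clause, e.g. "Otherwise, the default configuration already follows this pattern; ordinary users can create only temporary objects until a privileged user furnishes a schema." The relocated audit advice also loses its original qualifier ("in a database where untrusted users had already logged in"); if the intent is that every upgraded database should be audited after the REVOKE regardless of who has logged in, say so explicitly, otherwise restore the qualifier so the audit is not recommended for databases that never had untrusted users.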