On Fri, Mar 31, 2017 at 7:40 PM, Tom Lane <t...@sss.pgh.pa.us> wrote:
> Robert Haas <robertmh...@gmail.com> writes: > > On Fri, Mar 31, 2017 at 11:29 AM, Tom Lane <t...@sss.pgh.pa.us> wrote: > >> The argument for not back-patching a bug fix usually boils down to > >> fear of breaking existing applications, but it's hard to see how > >> removal of a permission check could break a working application --- > >> especially when the permission check is as hard to trigger as this one. > >> How many table owners ever revoke their own REFERENCES permission? > > > Sure, but that argument cuts both ways. If nobody ever does that, who > > will be helped by back-patching this? > > I certainly agree that back-patching this change is pretty low risk. > > I just don't think it has any real benefits. > > I think the benefit is reduction of user confusion. Admittedly, since > Paul is the first person I can remember ever having complained about it, > maybe nobody else is confused. > I think we also need to be extra careful about changing *security related* behavior in back branches, even more so than other behavior. In this case I think it's quite unlikely that it would hit somebody, but the risk is there. And people generally auto-upgrade to the latest minor releases, whereas they at least in theory read the top of the release notes when doing a major upgrade (ok, most people probably don't, but at least some do). -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/
