On Mon, Aug 03, 2020 at 11:22:48AM -0400, Bruce Momjian wrote: > On Sun, Aug 2, 2020 at 11:30:50PM -0700, Noah Misch wrote: > > On Fri, Mar 23, 2018 at 07:47:39PM -0700, Noah Misch wrote: > > > In light of the mixed reception, I am withdrawing this proposal. > > > > I'd like to reopen this. Reception was mixed, but more in favor than > > against. > > Also, variations on the idea trade some problems for others and may be more > > attractive. The taxonomy of variations has three important dimensions: > > > > Interaction with dump/restore (including pg_upgrade) options: > > a. If the schema has a non-default ACL, dump/restore reproduces it. > > Otherwise, the new default prevails. > > b. Dump/restore always reproduces the schema ACL. > > I am worried that someone _slightly_ modifies the ACL permissions on the > schema, and we reproduce it, and they think they are secure, but they > are not. I guess for the public, and change would be to make it more > secure, so maybe this works, but it seems tricky.
Unless someone advocates for (a), we have dodged that problem, right?
