- This is a change in the default for newly-created databases in
- existing clusters and for new clusters; USAGE
- permissions on the public schema has not
- been changed. Databases restored from previous Postgres releases
- will be restored with their current permissions. Users wishing
- to have the former permissions will need to grant
- CREATE permission for PUBLIC
- on the public schema; this change can be made
- on template1 to cause all new databases
- to have these permissions.
+ The new default is one of the secure schema usage patterns that
+ linkend="ddl-schemas-patterns"/> has recommended since the security
+ release for CVE-2018-1058. The change applies to newly-created
+ databases in existing clusters and for new clusters. Upgrading a
+ cluster or restoring a database dump will preserve existing permissions.
+
+
+ For existing databases, especially those having multiple users,
+ consider revoking CREATE permission on
+ the public schema to adopt this new default.
+ For new databases having zero need to defend against insider threats,
+ granting CREATE permission will yield the behavior
+ of prior releases.
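Review bot: The two added sentences starting "For existing databases" and "For new databases" say to revoke or grant CREATE on the public schema without naming the grantee, whereas the removed text said the grant is "for PUBLIC". Naming PUBLIC in both sentences would make clear whose privilege is meant. The rewrite also drops two facts the old text carried: that USAGE permission on the public schema has not been changed, and that making the change on template1 causes all new databases to have these permissions. Consider keeping both. The first tells readers what still works under the new default, and the second is the practical way to apply either choice to databases created later.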