Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1uNvQn-00BzU4-74 for pgsql-hackers@arkaria.postgresql.org; Sat, 07 Jun 2025 15:26:01 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1uNvQl-00Dgc2-AD for pgsql-hackers@arkaria.postgresql.org; Sat, 07 Jun 2025 15:25:59 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1uNvQl-00Dgbs-0D for pgsql-hackers@lists.postgresql.org; Sat, 07 Jun 2025 15:25:59 +0000 Received: from momjian.us ([72.94.173.45]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1uNvQj-000jIv-1y for pgsql-hackers@lists.postgresql.org; Sat, 07 Jun 2025 15:25:59 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=momjian.us; s=2025010100; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID: Subject:Cc:To:From:Date:Sender:Reply-To:Content-Transfer-Encoding:Content-ID: Content-Description; bh=fZXPEw9DApPSIqPlEvAgeW0wPrJe+P5PlBU9PdyCgLs=; b=IKdj+ kD6fG8VD8/o00khPHgRxzO7ypp4bIMzWszPANdgNa16PzgbwK6GwtuUbQVUl12Mw+GPNWfSqOS8tE CUv6JarmsF4YdLK/sGWcI4gRGpPKKqn1vD3x+zBptmG9EBxc0yt/XBm99xdiwm/SSDHGWJjWIspxl K7hZ+U+dU5dDm6afT2+J3DRzAU2jHMqeO38k5QMblsdYwZE2mM8CGL20aPUfjEjS7shd0xGWq+qBL mjssMEKaMwkq4alXud3h2cBBi4AWdFxUKUF5dOtg9Wfy1hazZy5ftw56JO8biAtITVPuiEy/C1dDW FwhCMrwSUvUGysstIVfFb08QBkilg==; Received: from bruce by momjian.us with local (Exim 4.96) (envelope-from ) id 1uNvQh-00FayG-0t; Sat, 07 Jun 2025 11:25:55 -0400 Date: Sat, 7 Jun 2025 11:25:55 -0400 From: Bruce Momjian To: Noah Misch Cc: PostgreSQL-development Subject: Re: PG 18 release notes draft committed Message-ID: References: <20250603172123.5f.nmisch@google.com> <20250604212946.cd.nmisch@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Thu, Jun 5, 2025 at 08:32:44PM -0400, Bruce Momjian wrote: > On Wed, Jun 4, 2025 at 05:53:38PM -0400, Bruce Momjian wrote: > > On Wed, Jun 4, 2025 at 02:29:46PM -0700, Noah Misch wrote: > > > I agree with David G. Johnston's feedback on this. My draft didn't mention > > > SECURITY DEFINER, because I consider it redundant from a user's perspective. > > > If a function is SECURITY DEFINER, that always overrides other sources of user > > > identity. No need to mention it each time. > > > > Well, if it is a SECURITY DEFINER function, it is not going to be run as > > the user who is active at commit/execution time, so I think we have to > > specify that. > > I came up with this text: > > Execute AFTER triggers as the role that was active when trigger > events were queued > > Previously such triggers were run as the role that was active at > trigger execution time (e.g., at COMMIT). This is significant > for cases where the role is changed between queue time and > transaction commit. Item added to the incompatibilities section of the release notes. -- Bruce Momjian https://momjian.us EDB https://enterprisedb.com Do not let urgent matters crowd out time for investment in the future.