wiki:SiteUpgradeProposal/UserClearance

Version 20 (modified by Steffen Hoffmann, 12 years ago) (diff)

hint on new option username_regexp resolving another requirement

Username Policy for trac-hacks.org

For reasons and ongoing discussion please visit and participate in #10092 .

Valid usernames

Rules

Formal Part

1
number of characters: 5 .. 30 allowed

rationale: lower limit helps i.e. with most common acronyms, company names and Trac version numbers rationale: upper limit is a bit arbitrary here, but nevertheless should exist

2
contains maximum of 3 characters repeated in a row

rationale: depreciate something like 'aaaaa', as we already witness several examples for that

3
contains maximum of 3 numeric characters

rationale: depreciate phone numbers or PGP key-IDs

4
no space in-between (use '_' instead)

this might be obsolete - need to look more closely to registration core for this

5
doesn't contain some blacklisted character sequences, i.e.: 'test'
6
brands

World-wide there are strong feelings about brands, and we'd better steer clear of even the possibility of getting involved into infringement accusations of any kind ASAP.

7
new usernames must not differ from any existing username only by casing

Informal Part

  • Unicode chars allowed - planned after upgrading to Trac 1.0

a phonetic/all-latin transcription is strongly recommended on the user wiki page to ease developer conversation (commonly done in English)

Enforcement

Ideally we'll implement all rules in the registration procedure provided by AccountManagerPlugin. Current status:

  • 1: solution: use custom REGEXP like `username_regexp = r'(?i)[A-Z0-9.\-_]{5,30}$' (since [11960]), and mention actual username policy prominently, up-front elsewhere
  • 2: plan: use REGEXP combined with 1
  • 3: plan: use REGEXP combined with 1 + 2
  • 4: solution: use username_char_blacklist = : [] - note the blank in-between
  • 5: plan: best to approach with a blacklist of character sequences, each on a line, read from a dedicated wiki page
  • 6: more discussion required: not easily done by blacklisting or similar code, maybe moderation (#843) is the best approach here, but that would largely obsolete the other points and shift all the burden towards moderators, what might or might not be acceptable
  • 7: solution: all checks for a username duplicate are case-less (since [11839])

Of course that doesn't help for existing accounts, and we need to called the following users for clearance:

Exceptions should all get documented openly. We must advertise at the mailing-list and send notifications to existing email contacts. If the user is not responsive within a reasonable amount of time, say 3 months, we'll close the account and remove it after another 3-month-period.

Exceptions

Procedure

Case documentation

Open

Reason given as reference to rules above

  • Anonymous - 6
  • TestTest - 5
  • TestUser - 5
  • asix - 6 see: www.asix.com.tw

Settled

Reasons by number:

a
plugin author/maintainer or developer who actually did commits to t-h.o repository
b
persons clear name/contact is matching username
c
valid link to homepage