Username Policy for

For reasons and ongoing discussion please visit and participate in #10092 .

Valid usernames


Formal Part

number of characters: 5 .. 30 allowed

rationale: lower limit helps i.e. with most common acronyms, company names and Trac version numbers rationale: upper limit is a bit arbitrary here, but nevertheless should exist

contains maximum of 3 characters repeated in a row

rationale: depreciate something like 'aaaaa', as we already witness several examples for that

contains maximum of 3 numeric characters

rationale: depreciate phone numbers or PGP key-IDs

no space in-between (use '_' instead)

this might be obsolete - need to look more closely to registration core for this

doesn't contain some blacklisted character sequences, i.e.: 'test'

World-wide there are strong feelings about brands, and we'd better steer clear of even the possibility of getting involved into infringement accusations of any kind ASAP.

new usernames must not differ from any existing username only by casing

Informal Part

  • Unicode chars allowed - planned after upgrading to Trac 1.0

a phonetic/all-latin transcription is strongly recommended on the user wiki page to ease developer conversation (commonly done in English)


Ideally we'll implement all rules in the registration procedure provided by AccountManagerPlugin. Current status:

  • 1: solution: use custom REGEXP like username_regexp = r'(?i)^[A-Z0-9.\-_]{5,30}$' (since [11960]), and mention actual username policy prominently, up-front elsewhere
  • 2: plan: use REGEXP combined with 1
  • 3: plan: use REGEXP combined with 1 + 2
  • 4: solution: use username_char_blacklist = : [] - note the blank in-between
  • 5: plan: best to approach with a blacklist of character sequences, each on a line, read from a dedicated wiki page
  • 6: more discussion required: not easily done by blacklisting or similar code, maybe moderation (#843) is the best approach here, but that would largely obsolete the other points and shift all the burden towards moderators, what might or might not be acceptable
  • 7: solution: all checks for a username duplicate are case-less (since [11839])

Of course that doesn't help for existing accounts, and we need to called the following users for clearance:

Exceptions should all get documented openly. We must advertise at the mailing-list and send notifications to existing email contacts. If the user is not responsive within a reasonable amount of time, say 3 months, we'll close the account and remove it after another 3-month-period.



Case documentation


Reason given as reference to rules above

  • Anonymous - 6
  • TestTest - 5
  • TestUser - 5
  • asix - 6 see:
  • trachacks - 5


Reasons by number:

plugin author/maintainer or developer who actually did commits to t-h.o repository
persons clear name/contact is matching username
valid link to homepage
Last modified 8 years ago Last modified on Sep 3, 2015, 12:03:27 AM