Username Policy for trac-hacks.org
For reasons and ongoing discussion please visit and participate in #10092 .
Valid usernames
Rules
Formal Part
- 1
- number of characters: 5 .. 30 allowed
rationale: lower limit helps i.e. with most common acronyms, company names and Trac version numbers rationale: upper limit is a bit arbitrary here, but nevertheless should exist
- 2
- contains maximum of 3 characters repeated in a row
rationale: depreciate something like 'aaaaa', as we already witness several examples for that
- 3
- contains maximum of 3 numeric characters
rationale: depreciate phone numbers or PGP key-IDs
- 4
- no space in-between (use '_' instead)
this might be obsolete - need to look more closely to registration core for this
- 5
- doesn't contain some blacklisted character sequences, i.e.: 'test'
- 6
- brands
World-wide there are strong feelings about brands, and we'd better steer clear of even the possibility of getting involved into infringement accusations of any kind ASAP.
- 7
- new usernames must not differ from any existing username only by casing
Informal Part
- Unicode chars allowed - planned after upgrading to Trac 1.0
a phonetic/all-latin transcription is strongly recommended on the user wiki page to ease developer conversation (commonly done in English)
Enforcement
Ideally we'll implement all rules in the registration procedure provided by AccountManagerPlugin. Current status:
- 1: solution: use custom REGEXP like
username_regexp = r'(?i)^[A-Z0-9.\-_]{5,30}$'(since [11960]), and mention actual username policy prominently, up-front elsewhere - 2: plan: use REGEXP combined with 1
- 3: plan: use REGEXP combined with 1 + 2
- 4: solution: use
username_char_blacklist = : []- note the blank in-between - 5: plan: best to approach with a blacklist of character sequences, each on a line, read from a dedicated wiki page
- 6: more discussion required: not easily done by blacklisting or similar code, maybe moderation (#843) is the best approach here, but that would largely obsolete the other points and shift all the burden towards moderators, what might or might not be acceptable
- 7: solution: all checks for a username duplicate are case-less (since [11839])
Of course that doesn't help for existing accounts, and we need to called the following users for clearance:
- ash ash
Exceptions should all get documented openly. We must advertise at the mailing-list and send notifications to existing email contacts. If the user is not responsive within a reasonable amount of time, say 3 months, we'll close the account and remove it after another 3-month-period.
Exceptions
Procedure
Case documentation
Open
Reason given as reference to rules above
- Anonymous - 6
- TestTest - 5
- TestUser - 5
- asix - 6 see: www.asix.com.tw
- trachacks - 5
Settled
Reasons by number:
- a
- plugin author/maintainer or developer who actually did commits to t-h.o repository
- b
- persons clear name/contact is matching username
- c
- valid link to homepage
