A couple of pieces of prior art: In Django, where we supply a command to let users create a new project or application, we ask the user to supply a name. And then as a quick check before proceeding, attempt to import the supplied name; if the import succeeds, the startapp/startproject command bails out telling you not to shadow an existing Python module.
Meanwhile, over in django-registration (a Django app for user-account signups), there's a medium-sized list of "usernames" which are marked as reserved by default, and validators which reject on them to avoid registering some potentially-sensitive names. The list there is all manual, and based on this original list: https://ldpreload.com/blog/names-to-reserve Plus some extra stuff that isn't sensitive as a subdomain/mailbox name but might still be a problem (i.e., if you give users account-profile URLs like /users/<username>, you probably don't want someone coming in as /users/signup).
_______________________________________________ Distutils-SIG maillist - [email protected] https://mail.python.org/mailman/listinfo/distutils-sig
