I’m going to just step in as someone who has run multiple communities (including multiple Python user groups), and use modified CC for every community I’m in charge of. I am not associated with the Code of Conduct working group, so this is outsider with experience talking:
I have only once had to unilaterally act on a report without talking to the accused. Exactly once. The person was holding themselves out as a leader of the group and wrote extremely racists things on LinkedIn (where the name of our organization was listed as one of their current resume pieces.)
The reason we don’t share accusations publicly is to protect the accused and minimize harassment for the accuser. Depending on the severity of the action, we’re going to either hold that information (usually some kind of report and enforcement log), or we’re going to do a cursory investigation to verify. If that initial investigation turns out information that we deem actionable, we’ll start the enforcement ladder. A lot of the enforcement ladder in most groups is informal. It’s verbal warnings, “hey, maybe don’t” and often presented as neutrally as possible.
In most contexts, if I need to move to formal enforcement, it has already been going on too long. I wish I had good stories to tell, but often if I have to given a formal written warning, that person is going to be suspended in short order. If they need a suspension, the risk of a ban is great.
The great news is, working this way, with minimal correction, means the folks who do fix their behavior? It can’t be a black mark on their record because the community at large never hears about it.
The actual problem with Code of Conduct enforcement is that the formal, visible part is the last mile. The kinds of people who refuse to listen to gentle warnings, generally don’t listen to formal reprimands. And failure to enforce harms your entire community.
The kind of community harm a bad actor can cause is existential to volunteer organizations.