This ticket exists to track the interaction design of the upload
process.

I'll try to start designing this and post iterations to the mailing
list to get feedback.

Questions that need to be answered:


-  What are the different use cases? What goals do our users have?
-  How can we reach these goals in typical awesome GNU MediaGoblin
   fashion? What steps will the users have to take to upload media?
-  What kind of information will they need to provide in the forms?
   What should be mandatory and what should be optional?
-  How do we deal with uploading large amounts of images? How can
   we provide the best way to upload a single image, several images or
   a huge number of images?

...etc.

After the design is done we can divide it into smaller parts, check
what still needs to be done and report bugs on those issues.

mongodb needs 0.5 GB for a fresh install. Half of this goes to
kombu.

kombu could use redis or some other transport (see
`#322 </issues/322>`_), so fixing `#322 </issues/322>`_ will help
this issue too.

mongodb database files contain a lot of NUL bytes. So one can
easily use sparse files to save space on disk:

::

     # service mongodb stop
     # cd /var/lib/
     # cp -a --sparse=always mongodb mongodb.new
     # mv mongodb mongodb.old
     # mv mongodb.new mongodb
     # service mongodb start
     # # TEST mongodb
     # rm -rf mongodb.old

Maybe later versions of mongodb do this already internally. The
above was needed on mongodb from debian/stable.

Documenting the "make sparse" possibility will also help this
issue.

Currently you can try to upload a html file.

What happens currebtly? It sticks in the queue, because celery goes
crazy on it.
The good news: It does not end up in a public place.

What should NEVER, ever happen: The file being put in a public
place. It's the best XSS attack to come up with.

Rating this high, because this needs to be right for security
reasons.