[OpenFontLibrary] OFLB2: How might our upload-vetting system work?

[Ben Weiner]

Hi all,

Here's one way we could deal with uploads on the new version of the site:

1. we use Ed Trager's previewer to vet uploads (not sure exactly where 
in the site this should go, but I think it would be at 
http://openfontlibrary.fontly.org/submit/typeface and also 
http://openfontlibrary.fontly.org/submit/remix)

2. when the file validates according to the criteria we discussed (see 
also Nicolas Spalinger's comments on validation of license file, FONTLOG 
etc on 2009-06-03) then an entry is made in the new database tables 
proposed, containing enough info to key the file [perhaps with a hash 
for verification] to the ccHost system and more importantly all the 
metadata extracted by Fontaine.

3. at this point, the user can see a link to the original ccHost upload 
form. We will set this to accept only ZIP files (and preview images?).

4. if the user uploads the same ZIP file, it will be post-processed and 
a typeface record generated along with previews etc. After that point 
they are free to add preview images to make the record more compelling 
and they can edit the information as now.

The chief weakness I see is the duplication of file uploads. Thing is, 
the file needs to go through ccHost validation, restricting malicious 
uploads, only after it passes our own checks. But the ccHost upload 
process is single-stage and asks for the file in a single form along 
with name, description and license. And those are things we do need to 
ask for.

Any cleverer, more streamlined suggestions?

Ben

-- 
Ben Weiner | http://readingtype.org.uk/about/contact.html