Re: Stronger hashes for the lookaside cache: Migration plan

The first [five] patches to be merged would be on the infrastructure side:

With that deployed in production, pretty much nothing changes for clients: they can still upload tarballs using md5, just like right now. However, the server-side starts accepting uploads with sha512. At the same time, we can apply the client-side patch to fedpkg:

That simply removes the assumption that we're always uploading with md5, instead respecting the 'lookaside_hash' parameter in /etc/rpkg/$site.conf... which is still md5 right now. So with all the above applied and deployed, nothing changes. :) The last things to do are: - set the `lookaside_hash` parameter to `sha512` in fedpkg.conf (one-line patch not yet submitted)

- copy all the archives currently on the lookaside cache into the proper path based on their sha512 hash (with hardlinking to save space) - on a cut-off date, drop the md5 fallback from the server-side cgi script

The last point above would obviously need to happen **after** the first one (i.e a new fedpkg landed in stable with that new configuration value), pretty much as soon as we're ready. At that point, new archives are uploaded exclusively using sha512, but old archives are available both as md5 or sha512.