ok, even though i didn't list it, we are currently at step 2.5
This means the server will start accepting sha256 only authentication and, if it fails, it will attempt to do md5 authentication and storing of sha256 hash if provided. so just like step 3, only we didn't release the client yet. For who uses 0.5.8.1 nothing changes, for who uses svn clients it will mean they will start using the sha256 salted authentication.