It had to start sometime...
First PyPI spam?
Created 07 Nov '03
Modified 14 Dec '04
Unbelievable! And he even had the temerity to leave his email address. I'd be inclined to put his email address somewhere where the spammers will get ahold of it.
Anyway, clearly the bar needs to be raised for submitting a package on PyPI. Perhaps there should be a requirement to upload a valid setup.py file as part of the submission
Or maybe we could just allow people to upload "spam" and then have a volunteer to clean it out (conservatively). After all, wiki appears to work -- perhaps soft security isn't so bad.
The PyPI RSS feed also makes it really easy to keep track of added packages, so it's not too big a deal to handle the odd bit of spam.