It had to start sometime...
First PyPI spam?
Created 07 Nov '03
Modified 14 Dec '04
Unbelievable! And he even had the temerity to leave his email
address. I'd be inclined to put his email address somewhere where
the spammers will get ahold of it.
Anyway, clearly the bar needs to be raised for submitting a package
on PyPI. Perhaps there should be a requirement to upload a valid
setup.py file as part of the submission
Or maybe we could just allow people to upload "spam" and then have a
volunteer to clean it out (conservatively). After all,
wiki appears to
work -- perhaps
soft security
isn't so bad.
The PyPI RSS feed also makes it really easy to keep track of added
packages, so it's not too big a deal to handle the odd bit of spam.