Not cool. Now the Python Package Index is being spammed: in this case, a financial advisor registered himself as a package on PyPI. That is the downside of an open architecture. Maybe it would be better if projects had to request a project key first and could only send updates with it. That would have prevented spam from the start, but it would also have required more work upfront, since these keys would need to be manually approved for the whole thing to make sense. Let's see how PyPI tackles the problem.
I found the original article at Artima Python Buzz.