The more I think about it, the less I think that's true. The process seems pretty reasonable; updates are queued, testers vote, things are promoted after sufficient votes. It seems pretty obvious that people shouldn't be voting for their own packages, especially not multiple times, and there's a limit to how much you can ever really lock this sort of thing down while still having a functioning community system.

I don't think the system has a bug that can be fixed, because the 'bug' such as it is, is to assume a degree of good faith on the part of community members. We should be able to assume that, and we'll all be worse off if we don't, and instead mistrust everyone all the time.

SIO2 didn't exploit a technical bug, he exploited people's trust.

As for what to do next, if there isn't already a maemo.org policy on how to handle this sort of situation, it sounds to me like it should be a matter for the Community Council to decide whether maemo.org should offer a second chance to this developer - it's not something that we can, or should try to decide in this thread.