OPAM Experiment and future Developer Experience improvements

This discussion is really the flip side of Serious OPAM package quality issues.

I recently made my first PR to opam-repository and was delighted that the reviewer was thorough enough to discover an issue. Users should only trust a repository of executable code if there is some kind of verification in place. An alternative to reviews is to incrementally establish trust in publishers and individual packages after the fact, and this may be an increasingly common approach to regulation. But I can’t help thinking part of the mechanism at work is to make early adopters (read: unsuspecting users) guinea pigs. At least without access to a really large number of users, propagating trust through social connections or known authorities seems more reliable, which may be the idea of the upcoming conex.

For newcomers, I would believe the most imminent issue would be to find a way to distribute packages to themselves and colleagues, in which case one can bypass the PR and create a personal opam repository.
