Yes, I do too, and the fact that most of it is open source with full revision history, issue tracker, reverse deps, etc. makes a big difference. I think it’s a luxury to have review, but we should have a way to establish initial trust in authors. General code quality and support status can be accumulated after publication1, but if an anonymous author can post a package to a repo, that’s a security nightmare.
1 For OPAM splitting up the official channel into a testing and stable area may help avoiding damage to production environments, but we’d need a way to collect metrics if we want to factor out the review for the stable channel. CI is very nice, but does not replace human judgement on all points.