Request for comments: What to do with opam packages that have known security vulnerabilities

When faced with a vulnerability, it’s common to evaluate whether it can be exploited in one’s context. Thus, I don’t think that preventing installation of packages is a good idea. With the Marshal vulnerabilities, it’s definitely possible to assess whether data can be loaded that way and whether that data is untrusted.

We have almost no memory-safety issues and have good guarantees thanks to strong typing that is more advanced than in most common languages. The number of security vulnerabilities for OCaml is lower than for other languages. Assessing exposure is doable.

I think opam audit is a good idea and while security vulnerabilities are annoying to deal with, it really doesn’t look like there is a tsunami of them. It seems a better balance to give users tools to do their own assessments and not put more load on the security team; maybe in the future it will save time to extend tooling but it doesn’t feel like it’s currently the case.

I also think that having a warning each time opam install/upgrade/update runs is sensible. Worst case, it can be toned down later on.
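The post argues that a user can assess their own exposure to the Marshal issues by checking where Marshal data is loaded and whether that data is untrusted. The script below is an added example of the first half of that assessment, not code from the post, from opam or from the OCaml project: it scans OCaml sources for the standard-library deserialization entry points (`Marshal.from_string`, `Marshal.from_bytes`, `Marshal.from_channel` and `input_value`) and reports each call site so the reviewer can then judge, per site, where the bytes come from. The sample source files are constructed for the example; the list of sink names and the comment-skipping heuristic are the example's own assumptions.

```python
import re
from typing import NamedTuple

# Stdlib entry points that deserialize Marshal data. The list is an assumption
# of this example; extend it if a codebase wraps these in its own helpers.
MARSHAL_SINKS = (
    "Marshal.from_string",
    "Marshal.from_bytes",
    "Marshal.from_channel",
    "input_value",
)
_SINK_RE = re.compile(r"\b(" + "|".join(re.escape(s) for s in MARSHAL_SINKS) + r")\b")


class Finding(NamedTuple):
    path: str   # source file the call site lives in
    line: int   # 1-based line number
    sink: str   # which deserialization function was called
    text: str   # the stripped source line, for the human review step


def find_marshal_sinks(sources: dict[str, str]) -> list[Finding]:
    """Return every Marshal deserialization call site in the given sources.

    `sources` maps a file path to its contents. Lines that are entirely an
    OCaml comment are skipped (a simple heuristic; multi-line comments and
    string literals are not parsed).
    """
    findings: list[Finding] = []
    for path, code in sources.items():
        for lineno, line in enumerate(code.splitlines(), start=1):
            stripped = line.strip()
            if stripped.startswith("(*"):
                continue
            for match in _SINK_RE.finditer(line):
                findings.append(Finding(path, lineno, match.group(1), stripped))
    return findings


def findings_by_file(findings: list[Finding]) -> dict[str, int]:
    """Count call sites per file, a quick view of where review effort goes."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.path] = counts.get(f.path, 0) + 1
    return counts


# Constructed sample sources: one site reads a cache the program wrote itself,
# one reads bytes straight off the network, one file has no sink at all.
SAMPLE_SOURCES = {
    "lib/cache.ml": (
        "(* Cache file written by this same program on an earlier run. *)\n"
        "let load path =\n"
        "  let ic = open_in_bin path in\n"
        "  let v : cache = Marshal.from_channel ic in\n"
        "  close_in ic; v\n"
    ),
    "bin/server.ml": (
        "let handle_request body =\n"
        "  (* body comes straight off the network *)\n"
        "  let req : request = Marshal.from_string body 0 in\n"
        "  process req\n"
    ),
    "lib/util.ml": "let greeting = \"hello\"\n",
}

if __name__ == "__main__":
    # Print a review checklist: each site must be classified by data origin.
    for f in find_marshal_sinks(SAMPLE_SOURCES):
        print(f"{f.path}:{f.line}: {f.sink}  ->  {f.text}")
    print(findings_by_file(find_marshal_sinks(SAMPLE_SOURCES)))
```

The output is deliberately only a worklist: the scanner cannot tell that the cache in `lib/cache.ml` is self-produced while the request body in `bin/server.ml` is untrusted, which is exactly the judgement the post says a user is well placed to make for their own deployment.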
