I believe the obsession with identifying contributors can have a severe negative impact on open source development. I get the security perspective, but since that part of the industry seems bored far too often, recommendations should be followed cautiously. I am just a very small time open source contributor, but I don't want a developer certificate to be identifiable. I don't like signed code or executables and I don't think I would have contributed if I had to jump through such holes.