At work we just had an informal presentation about the new "Developer's Certificate of Origin (DCO)" that Linus is adopting for Linux (see http://osdl.org/newsroom/press_releases/2004/2004_05_24_beaverton.html).
Basically, what I took from this was that the reason for this is because the Linux development process includes integration of patches submitted by various developers that are integrated by "lieutenants". In this process, the identity of the contributor can be lost if the lieutenant just takes the code into their own patchset. Interestingly, this wasn't driven by the SCO lawsuit - apparently it's been on Linus' todo list for the past year but hadn't bubbled up to the top until now. I had wondered if it had something to do with OSDL, but it turns out it doesn't; Linus just wanted OSDL to 'lightening rod' questions from reporters, and OSDL has offered to help with some kind of bk tool for databasing the contributor info, but that's still in the abstract at this point.
This process may be useful for other projects if they have a similar development model to Linux. Being able to trace the origin of all code contributions can be critical if the project ever runs into legal questions at some point.
For Inkscape, though, I think our processes are already sufficient. Because we use the patch tracker for externally contributed patches, we have a Sourceforge ID associated with each patch; we have cvs history for all direct contributors. Up 'til now we've allowed non-logged in patch submissions, however for traceability purposes I've disabled this. Our processes for updating Changelog, AUTHORS, and the release notes, also ensure that pretty much all non-trivial changes get documented. I know we sometimes get patches to the mailing list or to individuals; it would probably be wise to adopt the practice of encouraging these individuals to submit it to the patch tracker -- otherwise make doubly sure to record their name and email in the patch tracker and/or Changelog.
Disabling the anonymous patch submission will also ensure we always have the ability to re-contact the patch submitter for questions or whatever, which I think is a benefit in and of itself, but if anyone has concerns about this, lemme know. Most of the anonymous submissions so far have been translations (mainly the Catalan and Japanese translations.)
Bryce