I'm not sure we enforce signed-off-by in all projects, but we do in the most important
projects. There is a nice little app adding CI check with zero effort. Here is
a bad commit:

    https://github.com/nirs/userstorage/pull/29

When the check fails the app provides useful help for users:

    https://github.com/nirs/userstorage/pull/29/checks?check_run_id=9125092601

Looks like very little effort to improve all projects!

If you wandered what signed-off-by means, this is explained here:

    https://wiki.linuxfoundation.org/dco

Nir