Is this actually legally binding? What would be the difference w.r.t. informed consent, between DCOs and the "I have read and accept the terms and conditions" checkboxes from most websites?
It also gives me similar vibes to the Do-Not-Track HTTP header since both can be enabled by default.
DCO is something like "Signed-of-by: me myself <me@example.com>" you have to actively add to your contributions, which is usually a conscious and willful act that is far more complex than blindly ticking a box (or even leaving a pre-ticked box ticked). Since that bar is higher, I think the legal weight should be higher.
CLA-Assistant is also similarly simple to fill out, so that can't be the difference there...
It also gives me similar vibes to the Do-Not-Track HTTP header since both can be enabled by default.