A contributor should use an OpenPGP key to sign (certify) the code introduced in the source. To understand why we should do this and what we're protecting the source code from, read A Git Horror Story: Repository Integrity With Signed Commits.
git config --global user.signingkey 75D4AE85B9520933
git commit -a -S -m 'signed commit'
Full details from git-scm.com: Signing your work