If you don't sign off on something, you can't put it into the public tree -- that's the whole philosophy behind the DCO, to have all contributions traceable to their origins, by having a "trail of bread crumbs".
Note I did not write the patch and the original author has of course signed off, but is unable to commit herself.
[I don't mean you personally of course].
You can only commit a patch to the tree if you take responsibility for it (at some level), and that means you'll have to sign off on it.
Yes. You got the code, you passed it on. You better make sure that you know what you're signing for though -- i.e., you should make reasonably sure that the person who sent you the patch had the right to do so (whether something is sent via a mailing list makes no difference at all btw -- conducting your business in the open doesn't change the business).
Again, the poster has signed off.
When you want to pass the code on (for example, by committing it to the repo), you have to sign off on it as well.
Well it would be really weird to sign-off on a patch that you don't agree with, so acked-by is quite redundant if you already signed off on a patch.
I would first review (ack) and then commit (sign off) ..
It seems neither the sign-off nor the ack fits for just a commit.
You *need* a signed-off for a commit though, that's what the DCO is all about.
If what you want is keeping track of committers -- that's not a property of a patch, but a property of the repo; any good SCM tracks that for you automatically.