To avoid contamination of the Arrow code with wrong licensed code, which can be accidentally included into arrow, including GPL code, and track the contributions maintainers needs to check actually whether committer has signed the ICLA or CCLA, and listed in the contributors file - which we do not have. This is needed to set the clean chain of contribution to safeguard 3rd parties. So either let's add CONTRIBUTORS file, or also we can add "sign-off by process" [1] as it is used in Kernel. The latter will allow single patch contribution without CLA submission. I do not know what are the requirements of the Apache Foundation, but web page does not state sole requirement only on CLA.
[1] https://ltsi.linuxfoundation.org/software/signed-off-process/
