Note that earlier versions included a Missions discussion that has now moved to elsewhere (text and Discussion).
m20070918.5: The principles part of the Mission and Principles document is approved for the time being, but it is expected to evolve further.
We do not discriminate. We make our products available to all; if a segment of the users is disadvantaged then this is a bug.
All revenues are reviewed for openness and transparency.
We do not sell certificates, rather we may enter into other activities to cover our costs in helping the users to secure themselves.
It is not our purpose to compete with commercial firms. If they can do a better job, let them. If the product works better free, then let it be free. Our goal is to help our users freely secure themselves.
We strive to open up as many of our processes as possible. We strive to present our decisions, products and services as transparent. We do not do secret deals.
We do not deceive. We disclose a fair and complete story. We commit to full disclosure of security breaches. We reveal our conflicts of interest, for the community to judge.
We encourage others to write about us.
We train our users. We train our users to train other users.
If we accept someone in a role, we train, we test, and we support them. The training is provided for free.
For our core community roles such as Assurer, sufficient quality training will be available at no charge. This does not preclude cost recovery for commercial services.
We are focused on the security of our own users, our own community.
In so far as outside interests can support us, then we may accept their help. In so far as outside interests threaten the security of our users, we are against them. / we will defend out users / we will....
When we take on a job, we do it, until we can't. When we cannot do a job, we say so. When we run out of time, we organise a replacement.
We strive to provide security. This means that we cooperate in securing ourselves and others. As a principle, security is led by the Security Officer, but it is our joint responsibility. Where we come into contact with security breaches, we disclose these.
We keep our disputes in-house. We strive to train our users, and where things go wrong, we address before a forum of peers.
FAIR means: File a dispute, Arbitration is our forum, Independent, Resolution.
You, and each user, are our ambassadors, and should act accordingly.
Present us fairly. Stress that we are open to new users.
You may be asked to help NRPs in security. It is your choice to do so, but if you do, you should not act to their detriment. You should encourage NRPs to join the community.
While we work for the benefit of our own users, we must balance our benefit against harm to others. Achieving a benefit to ourselves at the expense of others has no part in our principles.
Other users may join, and they become of us. We exist to help the security of our community, but we also exist to help the security of everyone.
These principles are incorporated into the CAcert Community Agreement by reference. However, by nature, principles are not strongly defined and they require the use of judgement. In the event of abuse, disputes can be raised, with reference to the Principles, and the ruling of the Arbitrator will clarify.