[SOLVED] Why is Vivaldi in official repos?

Ridwan Rawriet · 2022-01-28 10:30:34

I'm just too shocked to find this out today. A proprietary software is sitting on the community repo whose numerous, arguably better FOSS alternatives are available. While free softwares like Brave was kicked out from the official repos. I know they were caught doing some questionable stuff but still it's free software. People can look at it's source code to detect malicious code.

What about Icecat? There are plenty of valid use cases for it. For example, it'll be perfectly fine for a laptop one uses for studying and not for browsing social media. It really deserves to be included in the official arch repos!

The more I think about this more unreasonable it seems to be. I'm new to free software, so please correct if I've made some mistakes and sorry for bad English.

Last edited by Ridwan Rawriet (2022-01-28 12:01:57)

Slithery · 2022-01-28 10:40:12

Nothing strange about this at all the repos have never been restricted to open source software, take the nvidia drivers as a classic example.

Pragmatism wrote:

Arch is a pragmatic distribution rather than an ideological one. The principles here are only useful guidelines. Ultimately, design decisions are made on a case-by-case basis through developer consensus. Evidence-based technical analysis and debate are what matter, not politics or popular opinion.
The large number of packages and build scripts in the various Arch Linux repositories offer free and open source software for those who prefer it, as well as proprietary software packages for those who embrace functionality over ideology.

The only deciding factor on which packages are in the repos and which are in the AUR are whether or not a developer/TU is interested in packaging it.

Lone_Wolf · 2022-01-28 11:37:10

Incase you prefer a system without any proprietary software* , check http://www.gnu.org/distros/free-distros.html .

One of the listed distros ( parabola ) is based on archlinux .

* most of firmware blobs are proprietary, not using them often results in performance / feature loss

Ridwan Rawriet · 2022-01-28 11:49:44

In case of Nvidia drivers there is not a valid alternative yet. The same thing cannot be achieved with nouveau. In case of browsers though, with other foss alternatives the same experience can be achieved.

However I understand arch's pragmatic approach and realize it's a good idea to provide people with options.
But I personally think it would be a better to not include proprietary software if there comparable alternatives exist because AUR is always an option. Like how AMD's proprietary drivers are not in the official repos since the foss one can do it well. Instead all the amdgpu-pro* reside in AUR instead. I also acknowledge the biggest weakness of this proposal. What can be considered as a valid alternative is subjective.
So hm, maybe arch's current approach is the most practical and realistic.

Slithery · 2022-01-28 12:07:50

Ridwan Rawriet wrote:

Like how AMD's proprietary drivers are not in the official repos since the foss one can do it well. Instead all the amdgpu-pro* reside in AUR instead.

That's not the reason that they're not in the official repos.

As I stated earlier, if a developer/TU wanted to package the amdgpu-pro drivers into the main repos there's nothing to stop them. The only reason it hasn't happened is a lack of interest/time.

tropicalia · 2026-01-18 17:17:30

Hey, apologizes for bringing this "solved" topic back. I read the thread but really didn't understand why Vivaldi is in the official packages.

It has a closed source UI that can be harmful to users since we can't inspect it. Is it really a good idea to leave it as an official supported Arch package?

Scimmia · 2026-01-18 17:26:25

Read post #2 again, it's very clear.

tropicalia · 2026-01-18 17:38:12

Scimmia wrote:

Read post #2 again, it's very clear.

I read. Sorry, is my bad, I should have detailed a little bit better what I was trying to ask.

A web browsers is a bit different from other regular applications that we install. It tracks all our most personal interactions. A Nvidia driver, for example, like you mentioned, is a very focused part of our workflow, it can be harmful if injected with malicious code but probably not to an same level that a web browser can be.

I wonder if this was considered over functionality and carefully assessed to make sure that an official Arch based package isn't supporting a potential big flaw. The question is not about politics or popular opinion, is purely technical.

Last edited by tropicalia (2026-01-18 17:40:50)

seth · 2026-01-18 18:43:42

purely technical

Nvidia driver […] can be harmful if injected with malicious code but probably not to an same level that a web browser can

nb. that anything running in kernel space (what ialso includes the proprietary firmwares and cpu microcode) can fuck you *way* harder than random userspace processes (not even talking about the MEI options)

Then there're of course the various browser extensions people install and that might be obfuscated the same way vivaldi's ui code is.

Arch does not pretend to be a http://www.gnu.org/distros/free-distros.html distro, so this is generally never a criteria and users should not be fooled into thinking so (let alone that FOSS inherently guarantees absence of malware, if they didn't get the libxz memo)
I'd therefore wager that rather dropping vivaldi for *this* specific reason out of all (instead of eg. lost interest or tangible concerns) would be the worst possible action.

Reasonable alternatives could involve highlighting proprietary code (in the license field?) to ensure awareness.

----

While free softwares like Brave was kicked out from the official repos.

Makes one wonder whether because nobody was willing to continue to maintain it or because of the major scandals around its shady practices…

Succulent of your garden · 2026-01-18 18:59:22

forgive me admins if I'm helping in necrobumping this and today are in a free and relax day, but since some hours had been passed I'm not sure if this post is going to be close.

But to answer tropicalia and clarify some questions about this [without being dev in arch linux]

1) Vivaldi is not FOSS but something called source available. It's like another way to do things. Yes I know that some components are closed source.

2) The only main thing that Vivaldi is closed source are the UI components of it, which is the main feature of the browser, do whatever you can with them if you like, the customization of the UI is the main feature, which is mostly java script and CSS as I know.

3) The privacy policy of the browser and EULA says a lot about the browser works and what you should expect.

4) If you do some ss -tun command after just launching vivaldi, you will see a lot less traffic coming to your browser in comparison to other browsers who says are open source. If you truly want to have a private browser should be also be in mind that after launching it it should not be like a DDOS thing ? I had tried a lot of "Open Source" browser and when you opened it you see a lot of traffic which obviously is not fine. Also there are other open source browsers who does not make that, but those are the few ones to be honest. Vivaldi also explain what those connections are and the main objective. Also for example as I know brave also make connections by default to AWS VPS to enable some features on the browser, for some peoples that could be as worse or worst as vivaldi not open sourcing some parts of the UI that have it. Long story short: don't judge a browser just because is source available to be honest or closed source without not first checking the default connections that the browser is making, in that second aspect, vivaldi is way more cool than many browsers.

5) Vivaldi is the "continuation" of Opera browser in the 2000s when the browser was cool, but maybe more privacy friendly

6) Everything is open source if you know assembly language. Do you think someone would not notice that the browser is making strange things and complain about it in the internet ? Had you ever found that complaint about vivaldi before ? Has someone said that the browser is spooky and doing bad stuff ? Nobody has told that as far as I know, probably if that's the case in some day, many people that are vivalid users are going to drop the browser by something else. If the xz utils backdoor was found by someone that notice the delay in the ssh connection: why can't other person found some inconsistencies in vivaldi browser ? more if the browser is based in chromium and mostly of their source code is available to general public ?

If you analyze the browser more than if it's just "100% open source" or not and more like an auditory, then the program doesn't seems to be so bad right in comparison to other applications, including maybe some open source ones. I think that explains why is in the extra repos in Arch LInux.

Also brave browser is like crap in Linux, sometimes have some minor bugs and they also says that the browser for Linux is not free of bugs, they don't want to add the same support as Windows and mac os. They are kind of: well if someone from linux want to use it, let's make them create the support fort the browser to add it. Vivaldi fully supports Linux by default, which is another thing to have in consideration.

As for me: Long Story Short: Just pick your poison and live ^^

EDIT: I notice that set posted while I was writing this

seth wrote:

or because of the major scandals around its shady practices…

What do you mean by that Lord of infertility and destruction ? It does have a lot, but some not relating to code also.

Last edited by Succulent of your garden (2026-01-18 19:03:07)

tropicalia · 2026-01-18 19:38:14

seth wrote:

anything running in kernel space (what ialso includes the proprietary firmwares and cpu microcode) can fuck you *way* harder than random userspace processes (not even talking about the MEI options)

True. The difference in this comparison is that millions deposit their trust in a huge corp that deploy the leading GPU hardware, which kinda of makes it somewhat necessary and like you pointed doesn't diffuse from Arch philosophy to support meaningful unique closed source offerings.

In Vivaldi's case it seems more a deliberated very surgical decision to trust a small business (like Vivaldi disclose in their blog where they justify their closed sourced UI) almost like a political statement:
"Open-source processes require people reviewing submitted patches and communicating with committers.

All this takes time, and, given our limited resources, we aren’t sure how the benefits would outweigh the investment of time."

Source: https://vivaldi.com/blog/technology/why … en-source/

IMHO, this is a bit of a disappointing answer. One may say is only the UI but is that enough to overlook the potential of thousands or more people using it and trusting on it?

Not sure how this all play in Arch's tree of decision to proceed with this very unique web browser. Can one assume that Vivaldi offers true and better features and security than some other web browser? If yes, what in specific? Can we talk about it?

Over the years I learned to challenge the status quo since things are always transforming.

Last edited by tropicalia (2026-01-18 19:39:16)

Succulent of your garden · 2026-01-18 20:12:57

tropicalia wrote:

IMHO, this is a bit of a disappointing answer. One may say is only the UI but is that enough to overlook the potential of thousands or more people using it and trusting on it?

It can or can't be not. It depends of the humans involved in the project. For example audacity was a nice program until change the owner and the owner started to add telemetry to the program, and the people seems now days made a fork without the telemetry on it. That shows that open source software can be crap in many sense without know it. In the case of audacity, it seems [I don't use it, including the fork] the people by licence was able to make the fork, but that's not the case in all scenarios, imagine that the new owner of audacity made it close source or change the licence to something like: Sorry folks you can't fork muahaahahahaha [insert evil noises], the fork would not be possible in a legal sense, and probably if you have the luck some devs would make a new inspired version of the application without the new crap features. So as for me "open source" can also be use like a "green washing" thing if you want to call it in that way, if you had convinced many in a Pavlov way that just because is open source is nice and friendly you can use it as a disguised to attract naive people to something that in reality is not according to what the people really thinks, which I think firefox does now days to be honest. Only the more tech savy ones will notice it and by doing some kind of auditory to the software or checking things more than twice. Also everyone ttrust software until a certain degree because we trust that the compilers are not altered, more on that in "reflections on trusting trust" if you want to dig deeper.

tropicalia wrote:

Not sure how this all play in Arch's tree of decision to proceed with this very unique web browser. Can one assume that Vivaldi offers true and better features and security than some other web browser? If yes, what in specific? Can we talk about it?

Apart of the obviously previous talked custom UI that you can create, vivaldi offers some nice things like:

1) You can change the user agent to many things and most of the time it just works. So for privacy folks that could be great, because you can put in the user agent that you are using windows + edge browser but in reality you are using Linux + vivaldi.

2) You can create users account that works in isolation in each other. Let's say for example I need to connect to shitty email provider but I don't want to be able to catch in some sense my currently pages that I'm working on. I can use another account in vivalidi and as I know that will be in isolation to the other pages, so in that sense if you need to access many services but don't want to be tracked so naked, then it's an option.

3) Each user created can have different configuration, that also means tweaking the user agent differently for example

4) It does now have a default proton vpn, I don't use it but it does have it if you want to, probably for some people that's a nice thing.

5) I mostly sure the browser does have some kind of API thing or documentation to add things on it, more like only vivalid plugins that you can create, which shows how to add things to the propietary UI .

6) The browser is fast in response, I mean it does seems that machines are suffering with launching it, which is the case of chrome

probably have more features, which I don't know to be honest.

Last edited by Succulent of your garden (2026-01-18 20:13:49)

seth · 2026-01-18 21:38:13

Not sure how this all play in Arch's tree of decision to proceed with this very unique web browser.

Scimmia wrote:
Read post #2 again, it's very clear.
I read.

I'll read you that again:

Slithery wrote:

The only deciding factor on which packages are in the repos and which are in the AUR are whether or not a developer/TU is interested in packaging it.

tropicalia · 2026-01-18 21:50:46

seth wrote:

Not sure how this all play in Arch's tree of decision to proceed with this very unique web browser.
Scimmia wrote:
Read post #2 again, it's very clear.
I read.
I'll read you that again:
Slithery wrote:
The only deciding factor on which packages are in the repos and which are in the AUR are whether or not a developer/TU is interested in packaging it.

Sorry, I'm a very slow learner, as you probably noticed at this point. Does this mean that no developer, not from Arch's project, but from anywhere, ever manifested the desire to provide other browsers in Arch's official repo? Like, if I want, can I distribute Helium, Ungoogled Chromium, Brave, Librewolf, Mullvad, Waterfox, etc... via pacman? If not, do I need be part of those browsers developments? If not, do I need to be a trusted developer in Arch's repo? What a developer mean in that statement?

seth · 2026-01-18 21:59:36

do I need to be a trusted developer in Arch's repo? What a developer mean in that statement?

https://archlinux.org/people/developers/
https://archlinux.org/people/package-maintainers/

twelveeighty · 2026-01-20 15:44:32

tropicalia wrote:

can I distribute Helium, Ungoogled Chromium, Brave, Librewolf, Mullvad, Waterfox, etc... via pacman?

Yes, this is what the AUR is for. But I think you are greatly underestimating the amount of time required to *maintain* all those browsers. Sure, getting them to build the 1st time is a fun project. But then dealing with breakage a month later when an upstream library (or ten more) is updated and being under pressure from users to get their favorite "outdated" browser released is a LOT of work.

Arch Linux

#1 2022-01-28 10:30:34

[SOLVED] Why is Vivaldi in official repos?

#2 2022-01-28 10:40:12

Re: [SOLVED] Why is Vivaldi in official repos?

#3 2022-01-28 11:37:10

Re: [SOLVED] Why is Vivaldi in official repos?

#4 2022-01-28 11:49:44

Re: [SOLVED] Why is Vivaldi in official repos?

#5 2022-01-28 12:07:50

Re: [SOLVED] Why is Vivaldi in official repos?

#6 2026-01-18 17:17:30

Re: [SOLVED] Why is Vivaldi in official repos?

#7 2026-01-18 17:26:25

Re: [SOLVED] Why is Vivaldi in official repos?

#8 2026-01-18 17:38:12

Re: [SOLVED] Why is Vivaldi in official repos?

#9 2026-01-18 18:43:42

Re: [SOLVED] Why is Vivaldi in official repos?

#10 2026-01-18 18:59:22

Re: [SOLVED] Why is Vivaldi in official repos?

#11 2026-01-18 19:38:14

Re: [SOLVED] Why is Vivaldi in official repos?

#12 2026-01-18 20:12:57

Re: [SOLVED] Why is Vivaldi in official repos?

#13 2026-01-18 21:38:13

Re: [SOLVED] Why is Vivaldi in official repos?

#14 2026-01-18 21:50:46

Re: [SOLVED] Why is Vivaldi in official repos?

#15 2026-01-18 21:59:36

Re: [SOLVED] Why is Vivaldi in official repos?

#16 2026-01-20 15:44:32

Re: [SOLVED] Why is Vivaldi in official repos?

Board footer