I'm trying to learn some Smalltalk. First found was Squeak, but since it has been removed from Gentoo ebuild tree because of security problem, so I decided to find an alternative.
Then I found Pharo through Seaside project, after I downloaded Pharo 1.0 package, there are actually a SqueakVM inside!
So, my question is: Is Pharo just a repackaging/rebranding of Squeak? And are those security problem of Squeak (bundle unsecure libs) still applied to Pharo?
Thanks!
I'm no expert, but from what I've read Squeak has quite a bit of stuff in it (educational etc). Pharo was a fork which attempts to remove a lot of the extra bits and make it more commercial grade.
Pharo About
Another article discussing this
Pharo started as a fork of Squeak to target "practical" Smalltalk development. The two environments use the same virtual machine, same image format, and share nearly the entire low-level class libraries. They use the same version control systems, and (last I checked) shared the same fileIn/fileOut format as well.
At the same time, I don't think it's fair to say that Pharo is merely a rebranding. The two projects are taking increasingly different directions: while Squeak shows no sign of wanting to remove its educational and research packages, Pharo is narrowly focused on making a tiny, lightweight environment suitable for corporate and commercial development. Where Squeak is concerned about keeping backwards compatibility with its previous releases, Pharo has been very willing to break compatibility in the name of slimming things down, speeding things up, and just generally simplifying the library system. The two systems now have different compilers, will soon have different FFI (native code) interfaces, and have increasingly divergent windowing systems.
For these and other reasons, I treat Pharo in my mind as a currently-mostly-Squeak-compatible Smalltalk, and not as a mere "rebanding" of Squeak. As time progresses, I would expect the situation to get closer and closer to Emacs/XEmacs, where it's possible to make programs that run under both systems, but most people target one or the other.
I have absolutely no idea what security problem you're mentioning, so I have no idea whether the situation's better than Pharo. It'd be helpful if you could outline what you have in mind.
While agreeing entirely with Benjamin's answer, there's nothing stopping the two forks from being nearly identical again in the future.
Both projects aim for a tiny kernel with a cluster of loadable packages. The main difference (at least from what I can see, in the discussions on squeak-dev is in the philosophy of how to reach that goal.
Some folk have suggested that in the future the main difference between Pharo and Squeak would thus be which packages come loaded by default.