It's not quite so simple. How does the distinction go with for example Firefox? It might seem to be an obvious case for "world" as it is a end user application. But is it? Let's take a quick look. On a Debian Squeeze system, there are 39 packages that depend on xulrunner (the rendering engine / user interface library of Firefox). You can't actually update Firefox without updating xulrunner, and if xulrunner is not fully backward compatible (it usually isn't), you may need to update the other 38 packages as well.
Some have claimed that Debian should ship an embedded copy of xulrunner with every depending package, but that just moves the problem to security updates (which are extremely frequent for our example case xulrunner), where instead of updating one package the security team needs to update all 39.
Does this help you see what the problem is?
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds