The standard editor
Also, small channels might be better for servers, since they get security fixes more quickly because they have less cache and fewer tests
Nix packages aren't containerized by default. But since every dependency is clearly defined, there are tools that wrap packages using bubblewrap, or tools that build layered Docker images
But building packages happens in a sandbox
Reminds me of https://xkcd.com/1200
The safest install method \s