5 files changed, 24 insertions, 21 deletions
diff --git a/PRIVACY.md b/PRIVACY.md
index 27e39ca60..718fbed12 100644
--- a/PRIVACY.md
+++ b/PRIVACY.md
@@ -1,17 +1 @@
-# Privacy Notes
+See the [Privacy](https://rust-analyzer.github.io/manual.html#security) section of the user manual.
-## LSP server binary
-The LSP server performs no network access in itself, but runs `cargo metadata` which will update or download the crate registry and the source code of the project dependencies.
-## Visual Studio Code extension
-The Code extension connects to GitHub to download updated LSP binaries and, if the nightly channel is selected, to perform update checks.
-## Other editor plugins
-Any other editor plugins that integrate with `rust-analyzer` are not under the control of the `rust-analyzer` developers. For any privacy concerns, you should check with their respective developers.
-## Others
-If `cargo check` is enabled (the default), any build scripts or procedural macros used by the project or its dependencies will be executed. This is also the case when `cargo check` is disabled, but build script or procedural macro support is enabled in `rust-analyzer` (on by default).
diff --git a/README.md b/README.md
index 5fbc03964..e01542416 100644
--- a/README.md
+++ b/README.md
@@ -27,6 +27,10 @@ If you want to **use** rust-analyzer's language server with your editor of
 choice, check [the manual](https://rust-analyzer.github.io/manual.html) folder.
 It also contains some tips & tricks to help you be more productive when using rust-analyzer.
+## Security and Privacy
+See the corresponding sections of [the manual](https://rust-analyzer.github.io/manual.html#security).
 ## Communication
 For usage and troubleshooting requests, please use "IDEs and Editors" category of the Rust forum:
diff --git a/docs/user/.gitignore b/docs/user/.gitignore
new file mode 100644
index 000000000..c32b1bcec
--- /dev/null
+++ b/docs/user/.gitignore
@@ -0,0 +1 @@
+manual.html
diff --git a/docs/user/manual.adoc b/docs/user/manual.adoc
index 9a8d76700..816e094c2 100644
--- a/docs/user/manual.adoc
+++ b/docs/user/manual.adoc
@@ -201,6 +201,15 @@ $ eselect repository enable guru && emaint sync -r guru
 $ emerge rust-analyzer-bin
 ----
+==== macOS
+The `rust-analyzer` binary can be installed via https://brew.sh/[Homebrew].
+[source,bash]
+----
+$ brew install rust-analyzer
+----
 === Emacs
 Note this excellent https://robert.kra.hn/posts/2021-02-07_rust-with-emacs/[guide] from https://github.com/rksm[@rksm].
@@ -609,9 +618,14 @@ Here is a **non-exhaustive** list of ways to make rust-analyzer execute arbitrar
 * VS Code plugin reads configuration from project directory, and that can be used to override paths to various executables, like `rustfmt` or `rust-analyzer` itself.
 * rust-analyzer's syntax trees library uses a lot of `unsafe` and hasn't been properly audited for memory safety.
-rust-analyzer itself doesn't access the network.
+== Privacy
-The VS Code plugin doesn't access the network unless the nightly channel is selected in the settings.
-In that case, the plugin uses the GitHub API to check for and download updates.
+The LSP server performs no network access in itself, but runs `cargo metadata` which will update or download the crate registry and the source code of the project dependencies.
+If enabled (the default), build scripts and procedural macros can do anything.
+The Code extension automatically connects to GitHub to download updated LSP binaries and, if the nightly channel is selected, to perform update checks using the GitHub API. For `rust-analyzer` developers, using `cargo xtask release` uses the same API to put together the release notes.
+Any other editor plugins are not under the control of the `rust-analyzer` developers. For any privacy concerns, you should check with their respective developers.
 == Features
diff --git a/editors/code/package.json b/editors/code/package.json
index a88a5c44e..aa47bd0ed 100644
--- a/editors/code/package.json
+++ b/editors/code/package.json
@@ -313,7 +313,7 @@
                },
                "rust-analyzer.updates.askBeforeDownload": {
                    "type": "boolean",
-                    "default": true,
+                    "default": false,
                    "description": "Whether to ask for permission before downloading any files from the Internet."
                },
                "rust-analyzer.server.path": {

diff --git a/PRIVACY.md b/PRIVACY.md index 27e39ca60..718fbed12 100644 --- a/PRIVACY.md +++ b/PRIVACY.md
@@ -1,17 +1 @@
1	# Privacy Notes		See the [Privacy](https://rust-analyzer.github.io/manual.html#security) section of the user manual.
2
3	## LSP server binary
4
5	The LSP server performs no network access in itself, but runs `cargo metadata` which will update or download the crate registry and the source code of the project dependencies.
6
7	## Visual Studio Code extension
8
9	The Code extension connects to GitHub to download updated LSP binaries and, if the nightly channel is selected, to perform update checks.
10
11	## Other editor plugins
12
13	Any other editor plugins that integrate with `rust-analyzer` are not under the control of the `rust-analyzer` developers. For any privacy concerns, you should check with their respective developers.
14
15	## Others
16
17	If `cargo check` is enabled (the default), any build scripts or procedural macros used by the project or its dependencies will be executed. This is also the case when `cargo check` is disabled, but build script or procedural macro support is enabled in `rust-analyzer` (on by default).


diff --git a/README.md b/README.md index 5fbc03964..e01542416 100644 --- a/README.md +++ b/README.md
@@ -27,6 +27,10 @@ If you want to use rust-analyzer's language server with your editor of
27	choice, check [the manual](https://rust-analyzer.github.io/manual.html) folder.	27	choice, check [the manual](https://rust-analyzer.github.io/manual.html) folder.
28	It also contains some tips & tricks to help you be more productive when using rust-analyzer.	28	It also contains some tips & tricks to help you be more productive when using rust-analyzer.
29		29
		30	## Security and Privacy
		31
		32	See the corresponding sections of [the manual](https://rust-analyzer.github.io/manual.html#security).
		33
30	## Communication	34	## Communication
31		35
32	For usage and troubleshooting requests, please use "IDEs and Editors" category of the Rust forum:	36	For usage and troubleshooting requests, please use "IDEs and Editors" category of the Rust forum:


diff --git a/docs/user/.gitignore b/docs/user/.gitignore new file mode 100644 index 000000000..c32b1bcec --- /dev/null +++ b/docs/user/.gitignore
@@ -0,0 +1 @@
			manual.html


diff --git a/docs/user/manual.adoc b/docs/user/manual.adoc index 9a8d76700..816e094c2 100644 --- a/docs/user/manual.adoc +++ b/docs/user/manual.adoc
@@ -201,6 +201,15 @@ $ eselect repository enable guru && emaint sync -r guru
201	$ emerge rust-analyzer-bin	201	$ emerge rust-analyzer-bin
202	----	202	----
203		203
		204	==== macOS
		205
		206	The `rust-analyzer` binary can be installed via https://brew.sh/[Homebrew].
		207
		208	[source,bash]
		209	----
		210	$ brew install rust-analyzer
		211	----
		212
204	=== Emacs	213	=== Emacs
205		214
206	Note this excellent https://robert.kra.hn/posts/2021-02-07_rust-with-emacs/[guide] from https://github.com/rksm[@rksm].	215	Note this excellent https://robert.kra.hn/posts/2021-02-07_rust-with-emacs/[guide] from https://github.com/rksm[@rksm].
@@ -609,9 +618,14 @@ Here is a non-exhaustive list of ways to make rust-analyzer execute arbitrar
609	* VS Code plugin reads configuration from project directory, and that can be used to override paths to various executables, like `rustfmt` or `rust-analyzer` itself.	618	* VS Code plugin reads configuration from project directory, and that can be used to override paths to various executables, like `rustfmt` or `rust-analyzer` itself.
610	* rust-analyzer's syntax trees library uses a lot of `unsafe` and hasn't been properly audited for memory safety.	619	* rust-analyzer's syntax trees library uses a lot of `unsafe` and hasn't been properly audited for memory safety.
611		620
612	rust-analyzer itself doesn't access the network.	621	== Privacy
613	The VS Code plugin doesn't access the network unless the nightly channel is selected in the settings.	622
614	In that case, the plugin uses the GitHub API to check for and download updates.	623	The LSP server performs no network access in itself, but runs `cargo metadata` which will update or download the crate registry and the source code of the project dependencies.
		624	If enabled (the default), build scripts and procedural macros can do anything.
		625
		626	The Code extension automatically connects to GitHub to download updated LSP binaries and, if the nightly channel is selected, to perform update checks using the GitHub API. For `rust-analyzer` developers, using `cargo xtask release` uses the same API to put together the release notes.
		627
		628	Any other editor plugins are not under the control of the `rust-analyzer` developers. For any privacy concerns, you should check with their respective developers.
615		629
616	== Features	630	== Features
617		631


diff --git a/editors/code/package.json b/editors/code/package.json index a88a5c44e..aa47bd0ed 100644 --- a/editors/code/package.json +++ b/editors/code/package.json
@@ -313,7 +313,7 @@
313	},	313	},
314	"rust-analyzer.updates.askBeforeDownload": {	314	"rust-analyzer.updates.askBeforeDownload": {
315	"type": "boolean",	315	"type": "boolean",
316	"default": true,	316	"default": false,
317	"description": "Whether to ask for permission before downloading any files from the Internet."	317	"description": "Whether to ask for permission before downloading any files from the Internet."
318	},	318	},
319	"rust-analyzer.server.path": {	319	"rust-analyzer.server.path": {