Consolidate the privacy notes

This commit is contained in:
Laurențiu Nicola 2021-06-15 20:05:16 +03:00
parent 6cbb18e570
commit cbf53ba251
3 changed files with 13 additions and 20 deletions

View file

@ -1,17 +1 @@
# Privacy Notes
## LSP server binary
The LSP server performs no network access in itself, but runs `cargo metadata` which will update or download the crate registry and the source code of the project dependencies.
## Visual Studio Code extension
The Code extension automatically connects to GitHub to download updated LSP binaries and, if the nightly channel is selected, to perform update checks.
## Other editor plugins
Any other editor plugins that integrate with `rust-analyzer` are not under the control of the `rust-analyzer` developers. For any privacy concerns, you should check with their respective developers.
## Others
If `cargo check` is enabled (the default), any build scripts or procedural macros used by the project or its dependencies will be executed. This is also the case when `cargo check` is disabled, but build script or procedural macro support is enabled in `rust-analyzer` (on by default).
See the [Privacy](https://rust-analyzer.github.io/manual.html#security) section of the user manual.

View file

@ -27,6 +27,10 @@ If you want to **use** rust-analyzer's language server with your editor of
choice, check [the manual](https://rust-analyzer.github.io/manual.html) folder.
It also contains some tips & tricks to help you be more productive when using rust-analyzer.
## Security and Privacy
See the corresponding sections of [the manual](https://rust-analyzer.github.io/manual.html#security).
## Communication
For usage and troubleshooting requests, please use "IDEs and Editors" category of the Rust forum:

View file

@ -609,9 +609,14 @@ Here is a **non-exhaustive** list of ways to make rust-analyzer execute arbitrar
* VS Code plugin reads configuration from project directory, and that can be used to override paths to various executables, like `rustfmt` or `rust-analyzer` itself.
* rust-analyzer's syntax trees library uses a lot of `unsafe` and hasn't been properly audited for memory safety.
rust-analyzer itself doesn't access the network.
The VS Code plugin doesn't access the network unless the nightly channel is selected in the settings.
In that case, the plugin uses the GitHub API to check for and download updates.
== Privacy
The LSP server performs no network access in itself, but runs `cargo metadata` which will update or download the crate registry and the source code of the project dependencies.
If enabled (the default), build scripts and procedural macros can do anything.
The Code extension automatically connects to GitHub to download updated LSP binaries and, if the nightly channel is selected, to perform update checks using the GitHub API. For `rust-analyzer` developers, using `cargo xtask release` uses the same API to put together the release notes.
Any other editor plugins are not under the control of the `rust-analyzer` developers. For any privacy concerns, you should check with their respective developers.
== Features