Frankly your tone made yourself sound like an entitled armchair expert, whereas the paragraphs you have labeled as "irrelevant" sound extremely relevant. Why don't you use a few words to explain why you think that paragraph is irrelevant?
Even though he didn't take responsibility I walk away convinced that he's doing a good enough job.
> Frankly your tone made yourself sound like an entitled armchair expert
Well, the OP's tone was flippant, and I thought it was dismissive. Who cares how thankless the job is -- it is your job. Stop blaming it on the users for wanting things and fix the problem and stop making excuses and acting put out.
> whereas the paragraphs you have labeled as "irrelevant" sound extremely relevant. Why don't you use a few words to explain why you think that paragraph is irrelevant?
It is irrelevant because the issue exists now. Who cares what they accounted for 8 years ago, and who cares what their competitor does?
P1: My lock opens with any key. It should only open with my key.
P2: But the competitor's lock opens without a key!
P1: I don't care? Fix it.
> Even though he didn't take responsibility I walk away convinced that he's doing a good enough job.
2. I don't work on Chrome anymore and have not for 8 years. I should have made that more clear.
3. I was responding to the claim: 'the entire chain of people working on this has been asleep at the wheel'. OP was assuming this bug has existed forever. I know for a fact it hasn't, because I remember caring about getting this right and implementing custom UI for it. I also listed some other things we improved over status quo at the time, which refute this claim.
4. Based on my knowledge of how this all used to work, it's not as big an issue as the original article and several people in this thread are making it seem, because the review process is really the primary safety check in the system. It needs to be because, as many have noted, most users don't read the dialog. Extensions are required to have a single purpose and extraneous permissions aren't allowed. And if an extension with a large number of permissions was approved, extensions (and updates) are reviewed both with automated and manual processes, and it would be difficult to get a malicious extension through the process or to get large numbers of users on it.
I still agree the bug should be fixed. We cared a lot about getting this UI right when we originally implemented it, and it's unfortunate that it regressed.
Even though he didn't take responsibility I walk away convinced that he's doing a good enough job.