There's a further implication that an instruction, but not a failsafe, exists to prevent the given condition. E.g. "do not reverse thrust until ground mode has fully activated." but no check to actually prevent the crew from doing so.
I'm not a lawyer; couldn't tell you where the fault would split in that case, but if my hunch about the lack of a failsafe for a given instruction is correct... it's still a surprise to me. I'd expect existing avionics production procedures to catch this sort of thing.
>> I'd expect existing avionics production procedures to catch this sort of thing.
The older I get, the more I believe your expectation is wrong. Lessons learned are rarely transferred to new people who were not present when the lesson was initially learned.
I've even worked at companies that try to compile a database of "lessons learned", but they never instruct anyone to read through the whole thing. Even if they did, when confronted with a large amount of material how much of it actually sticks?
Then we move on to more procedural methods like fault-tree analysis, FMEA, etc... That's great and can help a lot, but it's still a GIGO process and new people need to learn how to do it well. There are always new people learning new things.
In software, we usually encode lessons learned as tests and static analysis. There is a reasonable level of success on that.
Aviation usually encodes them in checklists. They have a much higher degree of success (probably because of culture, not medium), but failures happen sometimes too.
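The distinction the thread draws, an instruction that exists only in a manual versus a failsafe the system enforces, and the point that software encodes lessons learned as tests, can be shown concretely. The block below is an added example, not code from anyone in the thread or from any real avionics system; the ground-mode states, the controller functions and the sample event sequence are all hypothetical and constructed for illustration.

```python
"""Added example: a software interlock that turns the crew instruction
"do not reverse thrust until ground mode has fully activated" into a
check the system itself enforces, next to the 'documented only' design
it replaces. All names and states here are hypothetical."""
from dataclasses import dataclass
from enum import Enum


class GroundMode(Enum):
    AIR = "air"
    TRANSITIONING = "transitioning"  # weight-on-wheels seen, not yet confirmed
    GROUND = "ground"                # ground mode fully active


@dataclass
class Decision:
    allowed: bool
    reason: str


def reverse_thrust_documented_only(mode: GroundMode, commanded: bool) -> Decision:
    """'Before' design: the instruction lives only in the manual, so the
    controller honours whatever the crew commands, in any state."""
    return Decision(commanded, "no interlock; command honoured as given")


def reverse_thrust_interlocked(mode: GroundMode, commanded: bool) -> Decision:
    """'After' design: the instruction is enforced by the controller.
    A command is only honoured once ground mode is fully active; the
    transitioning state is deliberately treated the same as airborne."""
    if not commanded:
        return Decision(False, "not commanded")
    if mode is GroundMode.GROUND:
        return Decision(True, "ground mode fully active")
    return Decision(False, f"rejected: ground mode is {mode.value}, not fully active")


def audit(events):
    """Replay a sequence of (mode, commanded) samples through the interlock
    and return every rejected reverse-thrust command as (index, mode, reason),
    the record a post-incident review would want to see."""
    rejected = []
    for t, (mode, commanded) in enumerate(events):
        decision = reverse_thrust_interlocked(mode, commanded)
        if commanded and not decision.allowed:
            rejected.append((t, mode.value, decision.reason))
    return rejected


# Constructed sample: a premature reverse-thrust command while airborne, another
# during the transition, and a legitimate one once ground mode is confirmed.
SAMPLE_EVENTS = [
    (GroundMode.AIR, False),
    (GroundMode.AIR, True),
    (GroundMode.TRANSITIONING, True),
    (GroundMode.GROUND, True),
]

if __name__ == "__main__":
    for entry in audit(SAMPLE_EVENTS):
        print(entry)
```

The test that pins this behaviour is where the "lesson learned" actually lives: once a case such as a command during the transitioning state is asserted on, it stays enforced for every later engineer without anyone having to read a lessons-learned database.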