From: Peter B. Ladkin (ladkin(at)rvs.uni-bielefeld.de)
Date: Thu 15 Jul 2004 - 06:50:34 BST
[PBL] That's one catastrophic airplane-model
failure every 14 months. Happy with that? I wouldn't fly on an
airplane of which some example broke apart every 14 months.

[PB] Surely the point of setting claim limits on an SRS
is that you need to use **several** **diverse** safety functions
to achieve a tolerable accident rate.
Nobody is stopping you having several safety functions in the
aircraft to prevent the same accident(s).

I don't think I was claiming that IEC 61508 *forces* one to build
inappropriate devices. But that is the argument your comment seems to
address.

Also in UK Defstan 00-56, [....] you can get away with a single
SIL4 safety function.

[I think you mean "cannot" here.]

As Felix Redmill wrote four years ago, the use of SILs in DefStan 00-56 and
their use in IEC 61508 are different.

PS

I keep getting virus email messages from:
mtmiller(at)crnotes.cca.rockwell.com
......

- in fact it could be from ANYONE on the safety-critical list.
You cannot draw the line so narrowly, based on this information alone.

The From: header is mostly unhelpful. The most reliable information is
obtainable from the Received: headers. They should enable you to determine
the mail servers and therefore the ISP through which the mails are coming.
I would suspect that the messages are not coming through any server at
Rockwell, because big tech companies usually check these things nowadays.
PBL
--
Peter B. Ladkin PhD FBCS CW(hon)
Professor of Computer Networks and Distributed Systems,
Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
Tel (Vx/msg/Fax) +49 (0)521 880 7319 http://www.rvs.uni-bielefeld.de
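The header-tracing the post describes, as an added Python example that is not part of the original message. It parses the Received: chain of a constructed sample message (all hostnames, IP addresses, queue ids and dates in it are placeholders), lists the hops in delivery order, and checks whether any server in the path belongs to the domain named in the From: header. Each relaying server prepends its own Received: line, so the topmost one was written by the server closest to you; only lines added by servers you trust are certain, since a sender can fabricate earlier ones, so read from the top down and stop trusting at the first server you cannot vouch for.

```python
"""Trace a message's delivery path from its Received: headers.

Added example, not from the original mailing-list post.  The sample
message, hostnames, IP addresses, queue ids and dates are constructed
placeholders.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample.  The From: header claims a sender at example.com,
# but the Received: chain shows the mail entering the list server from a
# dial-up/DSL host at an unrelated access provider.
SAMPLE_MESSAGE = """\
Received: from mx1.list.example.org (mx1.list.example.org [192.0.2.10])
\tby mail.recipient.example (Postfix) with ESMTP id ABC123
\tfor <reader@recipient.example>; Thu, 15 Jul 2004 06:40:12 +0100
Received: from dsl-198-51-100-77.access-isp.example ([198.51.100.77])
\tby mx1.list.example.org with SMTP id XYZ789;
\tThu, 15 Jul 2004 06:39:58 +0100
From: someone@example.com
To: safety-critical@list.example.org
Subject: Re: test

body
"""


def parse_hop(header_value):
    """Pull the 'from' host, the connecting IP and the 'by' host out of
    one Received: header.  Fields the header lacks come back as None."""
    flat = " ".join(header_value.split())  # unfold continuation lines
    m_from = re.search(r"\bfrom\s+(\S+)", flat)
    m_by = re.search(r"\bby\s+(\S+)", flat)
    # The name after 'from' is whatever the client announced in HELO/EHLO;
    # the bracketed address is what the receiving server saw on the TCP
    # connection, so it is the more trustworthy of the two.
    segment = flat[: m_by.start()] if m_by else flat
    m_ip = re.search(r"\[([0-9a-fA-F.:]+)\]", segment)
    return {
        "from": m_from.group(1) if m_from else None,
        "ip": m_ip.group(1) if m_ip else None,
        "by": m_by.group(1).rstrip(";") if m_by else None,
    }


def trace_path(raw_message):
    """Return the claimed From: address and the hops in delivery order
    (origin first).  Headers are prepended by each relay, so the header
    order is newest-first and must be reversed."""
    msg = message_from_string(raw_message)
    received = msg.get_all("Received") or []
    hops = [parse_hop(h) for h in reversed(received)]
    return {"claimed_from": parseaddr(msg.get("From", ""))[1], "hops": hops}


def originating_hop(raw_message):
    """The earliest visible hop: the host that handed the message to the
    first relay, i.e. where to look for the responsible ISP.  Trust it
    only as far as you trust the server that recorded it."""
    hops = trace_path(raw_message)["hops"]
    return hops[0] if hops else None


def path_touches_domain(raw_message, domain):
    """True if any host in the Received: chain ('from' or 'by') is in
    `domain`.  False for the sample: nothing in the path is at the
    domain the From: header claims."""
    domain = domain.lower()
    for hop in trace_path(raw_message)["hops"]:
        for host in (hop["from"], hop["by"]):
            host = (host or "").lower()
            if host == domain or host.endswith("." + domain):
                return True
    return False


if __name__ == "__main__":
    path = trace_path(SAMPLE_MESSAGE)
    print("From: header claims", path["claimed_from"])
    for i, hop in enumerate(path["hops"]):
        print(f"hop {i}: from {hop['from']} [{hop['ip']}] by {hop['by']}")
    print("path touches example.com:",
          path_touches_domain(SAMPLE_MESSAGE, "example.com"))
```

Run stand-alone it prints the two hops and reports that no server in the path is at example.com, which is the kind of evidence the post is after: the origin IP (198.51.100.77 in the constructed sample) identifies the access provider to complain to, whatever the From: line says.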