Originally Posted by idg
An Airbus rep told me of instances of Green to Yellow transfer but it is not 'intentional'
Thank you, idg. I wonder whether he was talking about known instances, or merely about what he knows about the hazard analysis in the certification basis?
Let me give some indication for those who might be interested but do not know, how a hazard analyst might go about analysing such systems.
First, heshe might look at the crude system diagram in 1.29 and observe that there are at least two devices which connect between the G and Y hydraulic systems. (idg is reporting a third, which I don't believe is indicated in those diagrams, but I can't be bothered to go check.) Now, for each of those devices the certification basis for the AC will include documents, amongst them one assigning the level of criticality of the device, and another giving an argument in detail as to how the device satisfies the assigned level of criticality.
Now, I don't know the detailed design of those devices; I have never seen such engineering documents. And I doubt anybody else here who is willing to say something has either, because those documents are prima facie proprietary and the people seeing them form an restricted group bound by non-disclosure agreement, and nobody who takes their code of practice seriously (i.e. all engineers except for the occasional crackpot) is going to violate non-disclosure for the sake of some guy asking questions on an anonymous web forum, unless there is something seriously, seriously wrong (which I doubt).
So my question to violator was a "leading question". In other words I already know that (as a hazard analyst interprets these words) there are paths between G & Y through which fluid can theoretically travel. Any, say, HAZOP-like analysis will explicitly consider such a scenario and its consequences, but as I said I do not know what techniques are used in the certification basis.
Now, I have never seen any hazard analysis on any piece of complex equipment which was completely correct, without exception. It may be beyond the bounds of current human capability to devise one for such a thing as a commercial aircraft that was exceptionlessly correct. Most of them have faults. Some of them, occasionally, have glaring holes. And I know, for certain specific aircraft that interest us, that there are hazards whose severity (technical term) is catastrophic (also a technical term) that have not been mitigated, because we have reverse-engineered and identified them.
I thank idg also for explaining the PTU-overheat scenario in a little more detail. My next question if I were to follow that line would be of course what the consequences are of that abnormal state that the PTU gets into, but as I said, I doubt anybody here with either the detailed engineering design or the certification basis documentation sitting in front of himher would be inclined to answer.
Sorry for the length of this note. I'm just trying another writing technique to try to avoid this pointless, and to my mind rather silly, one-sentence repartee. I do hope I can get back to brevity; I'd rather just ask a simple question and hope for a sensible answer.
PBL