CEFOSKEY

Apart from the natural tendancy for pilots to trivialise design engineers jobs and vice versa, I can't really disagree with anything you say, but I continue to think you make my point (which at the risk of being boring, I'll rephrase):
A few years ago JAR/FAR 29 was modified to include a requirement for continued operation following complete loss of lubrication. This was because, although fairly unlikely, a complete loss of lubrication is a reasonably forseeable event. Whereas a CAT A aircraft flying over a hostile environment should be able to maintain flight for some time following a reasonably forseeable event (with the expectation of being able to make a safe landing). But by including the phrase "Unless such failures are extremely remote" - something which IMHO cannot feasibly be proven in a new type - an escape route from the requirement was created so reluctant manufacturers could avoid the requirement, whilst other more conscientious manufacturers stopped wriggling and just complied with the spirit of the reg. Fortunately I fly an aircraft made by the latter type of manufacturer!

HC