litz wrote:When safety equipment like this has to be disabled/cut out (due to malfunction, etc), the train doesn't just continue on as if it was still enabled.It depends on how the equipment is disabled. If I recall correctly, the incident Tadman points to in Michigan had a signal maintainer that cut out a crucial piece of equipment. The system did not see the bypass and as far as the system and train were concerned everything was working fine. Now we can learn from that at come up with a way where required testing can be accomplished without causing a safety risk.
I do not like that there are ways of bypassing the system without at alert and reminders. Perhaps one could call that a design failure but per design the system should not be disabled or bypassed.