[methodical]

Candidly, while I understand the need for some amount of redundancy, I'm curious what this level of redundancy adds in terms of complexity to the system of a whole and whether or not that complexity-add almost outweighs the higher redundancy. I'm sure NASA has calculated the trade off, but I'd be curious to see the thoughts behind that.

I feel in a similar vein when learning of certain aircraft accidents over the years, where it feels like the redundancy of certain systems and the complexity it adds has been the indirect cause of accidents instead of preventing them. I suppose there's not really a way to quantify the accidents that it's prevent to be able to compare them directly.

[wat10000]

There’s an obvious example of this with twin-engine airplanes. Having two engines obviously makes you a lot safer since you still have power if one fails. But dealing with an engine failure takes some skill, and your probability of experiencing a failure doubles. Airlines train their pilots to handle it, but if you’re a more casual pilot and you’re flying a twin, you have to be careful to ensure it’s actually making you safer.

[kqr]

Another example would be something like a leader/follower distributed data storage system. It (and maybe its clients) needs to maintain a coherent view of which the leader node is. This adds significant complexity, and in many cases is no longer worth it.

[jordanb]

Two engines also give you a lot more options for control surface failures. It's objectively safer and why all commercial airliners are (at least) two engine. But it does require more training for the pilot.

[rkagerer]

The acceptable loss of crew risk for Artemis is 1 in 30 (3.3%), and I gather figures like that feed into the engineering constraints dictating the design (level of redundancy, materials selection, etc).