My quick reaction is: As you say this should be fixed upstream. A library not having reasonable threadsafe options is so 1990. I am assuming people doing HPC with pkgsrc are building their own packages anyway.

I am uncomfortable defaulting-on things that upstream says "don't do that". I am uncomfortable defaulting-on things that are known not to be sound. I am uncomfortable with unsafe things that are not labeled.

I understand that the point of pkgsrc is to let people run the code they want to run. I am surprised about Debian's choices, but I'm unclear on whether that is a Debian community choice/norm or just what the hdf5 maintainer did.

So therefore I lean to hdf5 also having an "unsafe-threads" option that does the unsafe thing. Then people who want that can turn it on. Definitely it should not be default on.