About USE flags
USE flags are a mighty core feature of Gentoo. An introduction is available here. Freely summarized, USE flags are used to choose which packages will be installed and which features a certain package supports. Thus they drive the package dependency handling of portage.
This is a good feature in general, but there are some caveats too. First, the default USE flag settings of a package are, and have to be, a compromise. Whatever the reasons, changes are required quite often. Second, the USE flags of a package change from time to time. This causes rebuilds of packages and in the worst case leads to errors, which quite often have to be solved manually. Third, USE flags can conflict with each other as well as between packages and versions.
And last but not least (fourth), the USE flags feature, as part of portage, itself grows in complexity over time. I doubt that even the maintainers still have the complete overview. This is a result of the complexity of package managers overall. The real root cause of this complexity perhaps lies a bit deeper.
Nevertheless, besides these caveats, USE flags are a good and very useful feature. It is probably a good idea to handle USE flags cleanly, following something like a concept, so as not to run into unexpected behavior.
Handling of USE flags
I assume that the basics of how to define USE flags are well known, and that portage is up to date. I want to make some general recommendations first, followed by some examples.
Use a folder package.use instead of a file, because this is much more flexible. Don't define USE flags in make.conf! It isn't a good idea to have similar config settings in different places.
Sometimes portage will create a file inside /etc/portage/package.use. The filename in such a case is similar to the related ebuild name. This leads me to another suggestion: don't use package/ebuild names for files in this folder, to prevent conflicts with portage (usually CONFIG_PROTECT takes effect then).
Take care: changing global USE flags could result in unexpected behavior of emerge, likely inextricable and/or conflicting dependencies. In the worst case the compile process fails. Investigating such issues can be time consuming. If it has to be done, I suggest doing it by re-emerging package by package with the new USE flags.
Do not do USE="<flag>" emerge <package>, except for testing! If the package was installed successfully and should be kept, add the USE flag change to the configuration.
To respect the human factor (too many files versus too big files), my decision is to have basically 3 files in /etc/portage/package.use:
default - contains a default set of USE flags for all my machines
localhost - these USE flags are special for each system (even localhost)
temp - temporary USE flags, e.g. for tests
The files will be read in alphabetical order. Thus you can override USE flags in default with a contrary setting in (e.g.) localhost. See the examples and comments.
The numbers in brackets at the end of some lines are not part of the configuration; they refer to the comments!
Here is an example of what /etc/portage/package.use/default could look like:

    */* -bindist -berkdb -gpm -X -systemd (1)
    sys-libs/gdbm berkdb (1)
    app-admin/logrotate -cron
    app-admin/sudo -sendmail
    mail-client/nail net
    net-misc/dhcp -server -ssl (2)
    sys-devel/gcc go -fortran
    # by default keep git simple
    dev-vcs/git -perl -python (3)
    # server standards
    net-dns/bind filter-aaaa fixed-rrset

Comments:
(1) the first line disables USE flags for all packages, the second enables one of them for sys-libs/gdbm exclusively
(2) dhcp: usually there are more clients than servers - if the host should be a dhcp server put net-misc/dhcp -server client in the file localhost (see below)
(3) git: don't install a lot of extra classes for e.g. perl (CPAN modules) which are not required by default
The file default is the same on every system of mine, regardless of whether a specific package is installed or not!
Here is an example of what /etc/portage/package.use/localhost could look like:

    */* abi_x86_32 X (4)
    */* -wifi -bluetooth -wireless (5)
    # samba
    >net-fs/samba-4.2 addc addns gnutls -system-mitkrb5 winbind ads ldap
    >=sys-libs/tdb-1.3.8 python
    >=sys-libs/tevent-0.9.26 python
    >=sys-libs/ntdb-1.0-r1 python
    >=app-crypt/heimdal-1.5.3-r2 -ssl
    >=net-dns/bind-tools-9.10.2_p4 gssapi
    # net-fs/cifs-utils -acl -ads

Comments:
(4) the X USE flag will be enabled for this host (overrides the contrary setting in default)
(5) disable some functionality which is usually for portable devices only
The file localhost is specific to each system of mine, even if sometimes the same settings are used!
The rest is specific to this (local) host. For sure, these are only examples. I think an example of /etc/portage/package.use/temp isn't necessary.
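To make the overrides between default, localhost and temp visible, the following added example (not part of the original page and not portage code) walks the files in name order and reports every flag whose setting is flipped later for the same atom. It compares atoms as literal strings and does not do portage's atom matching; the sample lines are taken from the files above without the bracketed markers, and the temp entry is constructed.

```python
from pathlib import Path


def parse(text):
    """Yield (atom, flag, enabled) for every flag on every non-comment line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        atom, *flags = line.split()
        for flag in flags:
            yield atom, flag.lstrip("-"), not flag.startswith("-")


def find_overrides(files):
    """files maps file name -> content. Walk the files in sorted order and
    return (atom, flag, first_file, later_file, final_state) for each flag
    that a later line or file sets contrary to an earlier one."""
    seen = {}       # (atom, flag) -> (file name, enabled)
    overrides = []
    for name in sorted(files):
        for atom, flag, enabled in parse(files[name]):
            prev = seen.get((atom, flag))
            if prev and prev[1] != enabled:
                overrides.append((atom, flag, prev[0], name, enabled))
            seen[(atom, flag)] = (name, enabled)
    return overrides


def load_dir(path="/etc/portage/package.use"):
    """Read every regular file in the package.use folder."""
    return {p.name: p.read_text() for p in Path(path).iterdir() if p.is_file()}


# Sample input: lines from the default/localhost examples; temp is constructed.
SAMPLE = {
    "default": "*/* -bindist -berkdb -gpm -X -systemd\n"
               "sys-libs/gdbm berkdb\n"
               "# by default keep git simple\n"
               "dev-vcs/git -perl -python\n",
    "localhost": "*/* abi_x86_32 X\n*/* -wifi -bluetooth -wireless\n",
    "temp": "dev-vcs/git perl\n",
}

if __name__ == "__main__":
    for atom, flag, first, later, enabled in find_overrides(SAMPLE):
        state = "enabled" if enabled else "disabled"
        print(f"{atom} {flag}: set in {first}, {state} by {later}")
```

On a real system, pass `load_dir()` instead of `SAMPLE`. The berkdb pair is not reported because `*/*` and `sys-libs/gdbm` are different atoms.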
Conclusion
I'm convinced that having a set of rules and staying strictly compliant with it is a good way to prevent issues. Even if I didn't mention every little detail, the above concept has worked for me for a long time. I would appreciate seeing these files defined as "reserved for user config" by portage. Anyhow, it's just a suggestion.