USE flags are a mighty core feature of Gentoo. An Introduction is available here. Freely summarized, USE flags are used to choose which packages will be installed and what features a certain package supports. Thus it handles package dependencies of portage.
This is a good feature in general really, but there are some caveats too. First the default USE flag settings of a package are - and have to be - a compromise. Independent of the reason(s) there are changes required quite often. Second the USE flags of a package changes from time to time. This causes rebuilds of packages and worst case leads into errors, which have to be solved manually quite often. Third USE flags could have conflicts between itself as well between packages and versions.
And last but not least (fourth), the USE flags feature as part of portage increases in complexity over the time in itself. I question that even the maintainers have the complete overview still. It is a result of the complexity of package managers overall . The real root cause of this complexity lays perhaps a bit deeper.
Nevertheless, beside these caveats, USE flags are a good and very useful feature. Maybe it is a good thing to work clean along the usage of USE flags with something like a concept to not run into an unexpected behavior.
Handling of USE flags
Assuming the basics of how to define USE flags are well known. Assuming that portage is up-to-date too. Thus I want to make some general recommendations first, followed by some examples.
Use a folder
package.use  instead of a file, because this is much more flexible. Don't define USE flags in
make.conf ! It isn't a good idea to have similar config settings in different places.
Sometimes portage will create a file inside
/etc/portage/package.use . The filename in such a case is similar to the related ebuild name. This points me to another suggestion: don't use package/ebuild names for files in this folder to prevent conflicts with portage (usually CONFIG_PROTECT take affect then).
Take care, changing global USE flags could result in unexpected behavior of
emerge , likely inextricably and/or conflicting dependencies. Worst case the compile process fails. An investigation of such issues could be time consuming. In case it have to be done, I suggest to do it by re-emerging package by package with the new USE flags.
Do not do
USE=“<flag>” emerge <package> , except for testing! If the package was installed successful and it should be kept, add the USE flag change to the configuration.
To respect the human factor (to many files against to big files), my decision is to have basically 3 files in
default - contains a default set of USE flags for all my machines
localhost - these USE flags are special for each system (even localhost)
temp - temporarily USE flags, e.g. for tests
The files will be read in alphabetical order. Thus you can overwrite USE flags in
default  by a contrary setting in (e.g.)
localhost . See the examples and comments.
The numbers surrounded by brackets at the end of some lines are not part of the configuration - it is to refer the comments!
Here is an example of how
/etc/portage/package.use/default  could looks like:
*/* -bindist -berkdb -gpm -X -systemd (1) sys-libs/gdbm berkdb (1) app-admin/logrotate -cron app-admin/sudo -sendmail mail-client/nail net net-misc/dhcp -server -ssl (2) sys-devel/gcc go -fortran # by default keep git simple dev-vcs/git -perl -python (3) # server standards net-dns/bind filter-aaaa fixed-rrset
(1) the first line disables USE flags for all packages, the second enable one of them for sys-libs/gdbm exclusive
(2) dhcp: usually there are more clients then servers - if the host should be a dhcp server put
net-misc/dhcp -server client  in the file
localhost  (see below)
(3) git: don't install a lot of extra classes for e.g. perl (CPAN modules) which are not required by default
default  is the same on every system of mine, independent if a specific package is installed or not!
Here is an example of how
/etc/portage/package.use/localhost  could looks like:
*/* abi_x86_32 X (4) */* -wifi -bluetooth -wireless (5) # samba >net-fs/samba-4.2 addc addns gnutls -system-mitkrb5 winbind ads ldap >=sys-libs/tdb-1.3.8 python >=sys-libs/tevent-0.9.26 python >=sys-libs/ntdb-1.0-r1 python >=app-crypt/heimdal-1.5.3-r2 -ssl >=net-dns/bind-tools-9.10.2_p4 gssapi # net-fs/cifs-utils -acl -ads
(4) the X USE flag will be enabled for this host (overwrites the contrary setting in
(5) disable some functionality which is usually for portable devices only
localhost  is the specific on every system of mine, even if sometimes the same settings are used!
The rest is even specific of this (local) host. Fore sure, these are examples. I think an example of
/etc/portage/package.use/temp  isn't necessary.
I'm convinced that a set of rules and stay compliant with it strictly is a good way to prevent issues. Even if I didn't mention every little detail, the above concept works for me since a long time. I would appreciate to see these files defined as “reserved for user config” by portage . Anyhow, it's just a suggestion.