The following USE flags are enabled by default in our base/linux profiles. I think they can be disabled, possibly turning them on in package.use (or in the ebuilds) if they are important. Yes, no?

1. USE=cracklib (base/make.defaults)

   This might belong in the hardened profile, but it doesn't do anything critical -- it just enables "your password sucks" warnings.

2. USE=modules (base/make.defaults)

   This was originally used to enable kernel modules corresponding to linux-mod.eclass, but now the USE flag name is controlled by a variable and isn't guaranteed to be "modules". Two packages use it for things that aren't kernel modules.

3. USE=session (default/linux/make.defaults)

   Does wildly-different things to the few packages it affects, and never should have been enabled globally in the first place (it was done to enable sessions by default in dev-lang/php).

The "quse" tool will show you which packages are affected by each flag.
