pikachu ~ # equery uses net-misc/openssh
[ Legend : U - final flag setting for installation]
[        : I - package is installed with flag     ]
[ Colors : set, unset                             ]
 * Found these USE flags for net-misc/openssh-9.3_p1-r1:
 U I
 + + X            : Add support for X11
 - - audit        : Enable support for Linux audit subsystem using sys-process/audit
 - - kerberos     : Add kerberos support
 - - ldns         : Use LDNS for DNSSEC/SSHFP validation.
 - - libedit      : Use the libedit library (replacement for readline)
 - - livecd       : Enable root password logins for live-cd environment.
 + + pam          : Add support for PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip
 + - pie          : Build programs as Position Independent Executables (a security hardening technique)
 - - security-key : Include builtin U2F/FIDO support
 + + ssl          : Enable additional crypto algorithms via OpenSSL
 - - static       : !!do not set this during bootstrap!! Causes binaries to be statically linked instead of dynamically
 - - test         : Enable dependencies and/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently)
 - - verify-sig   : Verify upstream signatures on distfiles
 - - xmss         : Enable XMSS post-quantum authentication algorithm
pikachu ~ # emerge -vaA1 net-misc/openssh

 * IMPORTANT: 2 news items need reading for repository 'gentoo'.
 * Use eselect news read to view new items.


These are the packages that would be merged, in order:

Calculating dependencies... done!
Dependency resolution took 13.76 s.

[ebuild     U  ] net-misc/openssh-9.3_p1-r1::gentoo [9.3_p1::gentoo] USE="X pam pie ssl -audit (-debug) -kerberos -ldns -libedit -livecd -security-key (-selinux) -static -test -verify-sig -xmss (-X509%) (-hpn%) (-sctp%*)" 0 KiB

Total: 1 package (1 upgrade), Size of downloads: 0 KiB

Would you like to merge these packages? [Yes/No] 

>>> Verifying ebuild manifests

>>> Running pre-merge checks for net-misc/openssh-9.3_p1-r1
 * net-misc/openssh does not support USE='sctp' anymore.
 * The Base system team *STRONGLY* recommends you not rely on this functionality,
 * since these USE flags required third-party patches that often trigger bugs
 * and are of questionable provenance.
 * 
 * If you must continue relying on this functionality, switch to
 * net-misc/openssh-contrib. You will have to remove net-misc/openssh from your
 * world file first: 'emerge --deselect net-misc/openssh'
 * 
 * In order to prevent loss of SSH remote login access, we will abort the build.
 * Whether you proceed with disabling the USE flags or switch to the -contrib
 * variant, when re-emerging you will have to set
 * 
 *   OPENSSH_EOL_USE_FLAGS_I_KNOW_WHAT_I_AM_DOING=yes
 * ERROR: net-misc/openssh-9.3_p1-r1::gentoo failed (pretend phase):
 *   Building net-misc/openssh[-sctp] without OPENSSH_EOL_USE_FLAGS_I_KNOW_WHAT_I_AM_DOING=yes
 * 
 * Call stack:
 *                  ebuild.sh, line 136:  Called pkg_pretend
 *   openssh-9.3_p1-r1.ebuild, line 118:  Called die
 * The specific snippet of code:
 *   		die "Building net-misc/openssh[${disabled_eol_flags%,}] without OPENSSH_EOL_USE_FLAGS_I_KNOW_WHAT_I_AM_DOING=yes"
 * 
 * If you need support, post the output of `emerge --info '=net-misc/openssh-9.3_p1-r1::gentoo'`,
 * the complete build log and the output of `emerge -pqv '=net-misc/openssh-9.3_p1-r1::gentoo'`.
 * The complete build log is located at '/var/tmp/portage/net-misc/openssh-9.3_p1-r1/temp/build.log'.
 * The ebuild environment file is located at '/var/tmp/portage/net-misc/openssh-9.3_p1-r1/temp/die.env'.
 * Working directory: '/var/tmp/portage/net-misc/openssh-9.3_p1-r1/empty'
 * S: '/var/tmp/portage/net-misc/openssh-9.3_p1-r1/work/openssh-9.3p1'

>>> Failed to emerge net-misc/openssh-9.3_p1-r1, Log file:

>>>  '/var/tmp/portage/net-misc/openssh-9.3_p1-r1/temp/build.log'

 * Messages for package net-misc/openssh-9.3_p1-r1:

 * net-misc/openssh does not support USE='sctp' anymore.
 * The Base system team *STRONGLY* recommends you not rely on this functionality,
 * since these USE flags required third-party patches that often trigger bugs
 * and are of questionable provenance.
 * 
 * If you must continue relying on this functionality, switch to
 * net-misc/openssh-contrib. You will have to remove net-misc/openssh from your
 * world file first: 'emerge --deselect net-misc/openssh'
 * 
 * In order to prevent loss of SSH remote login access, we will abort the build.
 * Whether you proceed with disabling the USE flags or switch to the -contrib
 * variant, when re-emerging you will have to set
 * 
 *   OPENSSH_EOL_USE_FLAGS_I_KNOW_WHAT_I_AM_DOING=yes
 * ERROR: net-misc/openssh-9.3_p1-r1::gentoo failed (pretend phase):
 *   Building net-misc/openssh[-sctp] without OPENSSH_EOL_USE_FLAGS_I_KNOW_WHAT_I_AM_DOING=yes
 * 
 * Call stack:
 *                  ebuild.sh, line 136:  Called pkg_pretend
 *   openssh-9.3_p1-r1.ebuild, line 118:  Called die
 * The specific snippet of code:
 *   		die "Building net-misc/openssh[${disabled_eol_flags%,}] without OPENSSH_EOL_USE_FLAGS_I_KNOW_WHAT_I_AM_DOING=yes"
 * 
 * If you need support, post the output of `emerge --info '=net-misc/openssh-9.3_p1-r1::gentoo'`,
 * the complete build log and the output of `emerge -pqv '=net-misc/openssh-9.3_p1-r1::gentoo'`.
 * The complete build log is located at '/var/tmp/portage/net-misc/openssh-9.3_p1-r1/temp/build.log'.
 * The ebuild environment file is located at '/var/tmp/portage/net-misc/openssh-9.3_p1-r1/temp/die.env'.
 * Working directory: '/var/tmp/portage/net-misc/openssh-9.3_p1-r1/empty'
 * S: '/var/tmp/portage/net-misc/openssh-9.3_p1-r1/work/openssh-9.3p1'

real	0m18.597s
user	0m16.868s
sys	0m0.873s
pikachu ~ # 

The use flag isn’t enabled on the ebuild that is used, but it fails because of this…