Oh and one follow-up on (2): The -M modes with capital letters, i.e. "must use <some> symbol class", also sound like actually reducing the entropy and - if that's really the case - one should perhaps warn about this.
My idea is kinda: Imagine you create a password of 4 symbols. If the attacker knows, that all 4 categories (SNCL) must have been included, it will already make his work much easier. Sure, 4 symbols is not enough for any reasonable password, but I guess the same principle would probably apply to larger ones? Cheers, Chris.
