"The page teaches users to use su to lower privileges ..."
In the example, he could have used his own utilities for dropping privileges (setuidgid, envuidgid from daemontools).
If I am not mistaken, busybox includes their own copies of setuidgid and envuidgid, meaning it is found in myriad Linux distributions. I believe OpenBSD has their own program for dropping privileges. Maybe there are others on other OS.
Instead he picked a ubiquitous choice for the example, su.
It is interesting to see someone express disdain for the version.txt idea. I had the opposite reaction. To me, it is beautiful in its simplicity.
As a user I like the idea of accessing a tiny text file, version.txt, similar to robots.txt, etc., that contains only a version number and letting the user insert the number into an otherwise stable URL.
I would actually be pleased to see this become a "standard" way of keeping audiences up to date on what software versions exist.
By simplifying "updates" in this way, any user can visit the version.txt page or write scripts that retrieve version.txt to check for updates, in the same way any user can visit/retrieve robots.txt to check for crawl delay times, etc.
It is not necessary to "copy and paste" from web pages. Save the "installation" page containing the stable URL as text, open it in an editor, insert the desired version number into the stable URL.
Save the file. Repeat when version number changes, appending to the file.
I like to keep a small text file containing URLs to all versions so I can easily retrieve them again at any time.
https://sorting.cr.yp.to/djbsort-20180710.tar.gz
And it's certainly not about good security practices:
* The page teaches users to paste stuff copied from web into a terminal, whereas many terminals are still vulnerable to this: https://thejh.net/misc/website-terminal-copy-paste
* The page teaches users to use su to lower privileges, whereas many (most?) su implementations are vulnerable to tty hijacking.