From f066001e5fc47414142547177330a4c548840a82 Mon Sep 17 00:00:00 2001
From: hyperpolymath <6759885+hyperpolymath@users.noreply.github.com>
Date: Thu, 25 Jun 2026 10:26:52 +0100
Subject: [PATCH] fix(security.txt): canon Expires 2027, real Canonical URL,
 drop bogus Hiring

- Expires 2026-12-31 -> 2027-12-31 (estate canon).
- Canonical -> https://boj-server.net/.well-known/security.txt. The old value
  pointed at a github.com/.../.well-known/security.txt path that returns 404
  (GitHub does not serve repo files there); RFC 9116 requires Canonical to be
  the actual served location, and boj-server.net is the site's main domain.
- Remove `Hiring: .../careers` (no such page -> broken link).

Contact (OU email) and the unsigned form already match canon.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
 .well-known/security.txt | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/.well-known/security.txt b/.well-known/security.txt
index 2a237e25..89b2526e 100644
--- a/.well-known/security.txt
+++ b/.well-known/security.txt
@@ -3,8 +3,7 @@
 # https://securitytxt.org/
 
 Contact: mailto:j.d.a.jewell@open.ac.uk
-Expires: 2026-12-31T23:59:59.000Z
+Expires: 2027-12-31T23:59:59.000Z
 Preferred-Languages: en
-Canonical: https://github.com/hyperpolymath/boj-server/.well-known/security.txt
+Canonical: https://boj-server.net/.well-known/security.txt
 Policy: https://github.com/hyperpolymath/boj-server/blob/main/SECURITY.md
-Hiring: https://github.com/hyperpolymath/boj-server/careers