I use the .tar.xz binary but the verify fails, it says

gpg: Signature made jue 19 dic 2024 21:21:35 CST
gpg: using RSA key 0xF57D4F59BD3DF454
gpg: BAD signature from “Sublime HQ Pty Ltd support@sublimetext.com” [unknown]

Hi,
just wanted to report the same:

gpg: Signatur vom Fr 20 Dez 2024 04:21:35 CET
gpg:                mittels RSA-Schlüssel F57D4F59BD3DF454
gpg: FALSCHE Signatur von "Sublime HQ Pty Ltd <support@sublimetext.com>" [unbekannt]

I know it’s christmas, but I see @bschaaf responding to other threads - could someone from tech support please take a look at the signatures or at least respond so we see someone’s taking care?

Yes, we’re all taking time off and I’ll be taking a look when I get back. If you’re intent on checking the validity of the file here’s its md5sum: 635a8348bc707cbfd985308157be30cc.

Thanks for the update, no problem if it takes some days. I just wanted to ensure the problem is noted.
Basic intention is to ensure no 3rd party has tampered with the binary I’m downloading.

As there’s no official reply - the signature has been fixed, check works now:

gpg: Signatur vom Fr 03 Jan 2025 07:40:35 CET
gpg: mittels RSA-Schlüssel F57D4F59BD3DF454
gpg: Korrekte Signatur von “Sublime HQ Pty Ltd support@sublimetext.com” [unbekannt]