A big +1 for this one.
Currently downloads of sublimetext from the web page provide no useful way to verify that you are getting what you think you are getting. i.e. no verifiable checksum/signature.
I note that there is a 'sublime-text' package in the mint repository. My deb source line reads like so:
deb http://packages.linuxmint.com rafaela main upstream import #id:linuxmint_main
However, this is currently a couple of versions behind (version 3103).
That package's metadata says: "Maintainer: Sublime HQ email@example.com". It's unclear to me whether "Sublime HQ" contributes to the repository, and signs the package, or if the name is just imported from the unsigned package downloadable from the sublimetext.com website?