This project is closed and will not be reopened.
The essential flaw was in Package Control's auto-update mechanism. One git push
from me, and I would have been able to change everyone's copy of this tool to a new version that transparently captured any documents encrypted and sent them somewhere anonymous, or something equally malicious. Use your imagination.
Therefore I am doing the right thing, and shutting the project down. I am leaving the repository up as a lesson of why you shouldn't play with crypto if you don't know what you're doing.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
MIME-Version: 1.0
Received: by 10.25.23.96 with HTTP; Fri, 27 Mar 2015 02:33:00 -0700 (PDT)
In-Reply-To: <CAKnzDZ==f4WaKZU8F04iauMFUEWkUc5expixUxVn5SuOCxu2Mw@mail.gmail.com>
References: <CAKnzDZ==f4WaKZU8F04iauMFUEWkUc5expixUxVn5SuOCxu2Mw@mail.gmail.com>
Date: Fri, 27 Mar 2015 02:33:00 -0700
Delivered-To: crowsonkb@gmail.com
Message-ID: <CAKnzDZkcBs_6XKffkfvsPpeJX0F2P8bQbn0diRmb7tRSJ2Th+Q@mail.gmail.com>
Subject: Re: Please remove SublimeGPG from Package Control.
From: Katherine Crowson <crowsonkb@gmail.com>
To: will@wbond.net
Content-Type: text/plain; charset=UTF-8
The entire thing was a stupid idea. I did nothing malicious, but now
realize I easily could have. Since no one has any reason to trust me,
I want the package gone.
https://github.com/crowsonkb/SublimeGPG
Thanks,
Katherine Crowson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBCgAGBQJVFep/AAoJEHYy4Fwzc1n84JEH/0ONAswIGmGMb32UorF7V4IT
suJYQwRQNtzMs0xOV0JywKZUZSacInm2qwzLqGzruqfCMg+PaBCWAwg8CKILfMp8
5fFdVlNe+FB6cuBo0cJSO5UaL/VabTBle4e1D7tJHpfZPTOi71wR9uyD5ZG4aMid
oYEByRkkAOQlAmULX4bXc6PzS9p4/GVP0WzsAwcdXsdWyg2UX/lrDMru8Lvrst8P
hMah3cD86LlOiGfdOjZOuo1rVHI9S67KJ/SWnaWHmuEMAZW6OyhUF5eHbcbH9qZA
TWa3+c/fpe5YGngyt3OvnctOrC2G9qHu/xUgitrJYLgluioB0mBIeeEbpmUITU4=
=6aDf
-----END PGP SIGNATURE-----