PyPI is the standard catalog of Python software — the place pip installs from. MessageFoundry ships there as a signed, versioned package, so getting it is one command and every release is something you can verify. New to PyPI? Here's what it is and why it's a better way to get the software.
The Python Package Index — PyPI — is the official, public catalog of Python software. It's where pip, Python's package installer, downloads from: the trusted distribution channel for Python libraries and tools, a bit like an app store for code.
When you run pip install messagefoundry, pip fetches the published MessageFoundry package from that channel and installs it along with the dependencies it declares — no cloning a repository, no building from source, no hunting for the right files. One command pulls a specific, published version onto your machine.
A published package isn't only convenient — it's a stronger trust boundary than copying source code.
No clone, no build step. pip install messagefoundry fetches the package and its dependencies, and you're ready to run.
You install a specific, frozen release — messagefoundry==X.Y.Z — not whatever happens to be on a branch that day. Pin it, and every environment gets the identical build.
Each release wheel is Sigstore-signed and carries build provenance and an SBOM, so you can verify what you installed came from the real source. How releases are signed & attested →
At the first tagged release, installation is a single line:
pip install messagefoundry
During Early Access, the published install path is the signed release wheel from GitHub Releases — public PyPI lands at the first tagged release. Either way you get the same signed, versioned artifact, and the quickstart walks through running it.
The project page lists the package, its versions, and release history — straight from the index.
