Last revised: 8 May 2026 Here you will find the following folders: devel/ contains recent development version archives release/ latest stable release version archives older/ older release version archives modules/ modules from the devel/ source packages usersguides/ XYPLOT User's Manuals gitlogs/ git repository commit logs (revision history) The source archives are in .tar.gz format, which is a compressed format. Click on a file to download it. Standard tools such as tar may be used to decompress and extract the contents. The extracted folder will have the name and contain various subfolders. See the user's manual for build instructions. Some web browsers may gratuitously decompress the archive file when downloading it, in which case the downloaded file size will be much greater than indicated in the folder. When this happens it is not possible to extract the contents without renaming the file to have an extension of .tar instead of .tar.gz. It is also not possible to authenticate the download if the browser decompresses it and discards the original file. For such cases, you may download the original file using curl curl -O https://ccreweb.org/software//.tar.gz Example: curl -O https://ccreweb.org/software/xyplot/Downloads/older/XYPLOT-32-2.5.1.tar.gz Authenticating the downloaded file is described below. The folders Downloads/devel, Downloads/release, and Downloads/older contain additional files which allow you to verify the authenticity of your downloads. Two methods of verifying your downloads are: Method 1. SHA256 hash comparison This simpler method requires you to locally compute the sha256 hash for your downloaded .tar.gz file and compare it against the hash given for the file in sha256sums.txt. Under linux, you may use the command sha256sum to locally compute the hash of the download, $ sha256sum .tar.gz or Method 2. Validate download against signature file This is a stronger authentication method which uses public key signatures and requires that you I. install GPG or PGP software on your system, and II. download the public key from any public PGP key server, such as https://keys.openpgp.org for the following email address krishna.myneni@ccreweb.org and III. import the downloaded signature file into your list of known keys. To authenticate with a signature file: a) Download both the compressed archive (.tar.gz) and its corresponding signature (.sig) file. b) Verify the signature matches your download. On Linux with gpg, this is done using the command $ gpg --verify .sig .tar.gz