I never understand this. I get not wanting to build a community around a project, handling contributions, etc. But why not just dump the source code somewhere?
Dumping the code somewhere is next to useless. NASA open-sources a ton of code (https://www.github.com/nasa), but the vast majority of it gets open-sourced at the end of a project and there's no money set aside for maintenance, so it's mostly abandoned. I have one such project whose maintenance I keep up on my own time, but if I ever leave NASA I won't be able to even do that.
Because it's a huge (perceived) risk for (often) little gain. These projects (I'm especially familiar with research) aren't known for code quality and following best practices regarding security etc. So you open yourself up to shaming and casual hacking for some unquantifiable benefit of open-source contributions.
The mechanics of putting a tarball somewhere on the Internet are simple and cheap, but that action also directly and indirectly greatly increases the potential for liability. This effectively requires the organization to create additional management and processes to mitigate this increased potential for liability. It is a headache many organizations want to avoid or can't afford.
Yes, "dumping source code" is simple and cheap. Managing the implications of doing so is not. I know of many cases where companies backed away from open sourcing software due to the overhead it would entail, even when they could afford it in principle.
Open sourcing creates multiple classes of risk outside the scope of the license which any properly run company must manage.
As a couple of elementary examples, it greatly increases your exposure to claims of patent and copyright infringement based on the actions of your employees, both intentional and inadvertent. It significantly increases the risk that the company's trade secrets and other non-public IP accidentally end up in the public domain. You must ensure that open sourced code does not come into conflict with contractual agreements with other parties. And that is after you get every outside stakeholder in the business's strategic objectives to sign off on it, which isn't always easy.
When an organization decides to open source a bit of code, they have to run a formal diligence process to ensure there is minimal risk of any of the above and then put a process in place to help ensure that going forward. I've seen this process at multiple companies; it is not lightweight and involves lots of lawyers and documentation that would never happen otherwise. Many companies decide it isn't worth the money or distraction.
Because it’s effort. People will want you to make enhancements and maybe expect changes. It may link to proprietary libraries. Open source is not really just about dumping code on GitHub.
> The only people entitled to say how open source 'ought' to work are people who run projects, and the scope of their entitlement extends only to their own projects.
To be clear, if someone wants to just do a code dump under an open source license, ignore it, and send any communications about the code to /dev/null, that’s their choice. Probably not a very useful one but a valid one.