@KAD First, I'm sorry, but I do not understand Swedish, but I think I got your reasoning anyway.
You are not completely wrong, however you must take into account that:
-An exploit that allows a user to get root access for several of these devices is known and has been published on the Internet
-At least in some Technicolor devices including the TG789vac v2, the TR-069 (remote control and update by ISPs) credentials and control server address can be easily found once you have a root shell. They are in a plain text file in the device's file system. The "remote control" functionality can be completely removed by deleting an executable file (cwmpd, IIRC) that starts the daemon/service that connects to the ISP, and deleting a few rows in a configuration file (that become useless anyway once cwmpd is deleted. I have done it myself even without the sources (I do not want to brag, and I am not the one who discovered this, but it is true).
-Some less security-concerned modem manufacturers even leave a SSH (or even freaking Telnet) shell open on the outside. Thousands of modems distributed by Wind (Italian ISP) were recently remotely bricked by an individual who discovered the password and wrote zeroes to the devices'flash memory and then rebooted them, leaving them in an unusable state. That is easy to disable too, just delete the user who can remotely access the device from the appropriate configuration file.
-As previously said, Technicolor shouldn't be having any difficulties in separating open source code from proprietary code, since they mantain detailed lists of which open source packages are used in each version of their software. These lists are published as PDFs on their website for anyone to see, so that is out of the question.
-Technicolor could have very well set up a build and version control system that is aware of the requirements of the GPL and allows them to quickly provide the required source code for any customized version of their software, even if they had hundreds of them.
In fact, the Software Freedom Law Center, that won several lawsuits for GPL violations, clearly highlights the importance of this point at https://www.softwarefreedom.org/resources/2008/compliance-guide.html
Some important quotes from that page:
"Knowing at all times what sources generated a given binary distribution is paramount"
and most importantly,
"Ensure that your developers are using revision control systems properly. Have them mark or tag the full source tree corresponding to builds distributed to customers. Finally, check that your developers store all parts of the software development in the revision control system, including readmes, build scripts, engineers’ notes, and documentation. Your developers will also benefit from a system that tracks the precise version of source that corresponds to any deployed binary."
This might require a little more effort on a company's part, but it's not rocket science. In fact, that page is from ten years ago.
-Technicolor is not a small software house. They sell millions of devices worldwide, and have at least hundreds of employees, so it's not like their only system administrator is on vacation and therefore my request cannot be satisfied until he's back
@Ansuel also said that they sent him some source code, but it was missing several crucial GPLv2'd kernel modules (I verified it myself), and they completely cut contact after he told them they had made a mistake. This is not, on its own, proof that their actions are made are in bad faith, but it surely doesn't make them look honest.
-Disorganization on their part is not an excuse. Imagine if the police sent you a fine to be paid in 30 days, or else they will impound your car. Let's say you do not pay in time and do not appeal it, on the 31st day the police tows your car away. You go to court and tell the judge that you didn't pay because you were busy and your house is a mess, even though you are very rich. The judge will laugh at you.
-Finally, taking two months to send the code would be unreasonable even if they were using Dropbox as their "version control system" and a guy on a bicycle as a means to deliver the code to me.
So, Technicolor could very well have complied quickly, and it is totally their fault for not doing so. What you said could justify a delay of two weeks, even a month if you're particularly generous.