I am currently one of many awesome maintainers working on this project.
The big goal is to have a globally distributed module registry, with an accompanying proxy server. This would solve the problem of build repeatability as it relates to modules. As it is now, if a developer were to force push a new tag or commit and you are using that as a dependency your builds could then break. Or what if the repository were deleted? With the exception of legal take down orders, the modules should be immutable, we as developers should be able to trust our dependencies to stay the same for any given version.
There are some very interesting technical challenges coming up. Namely cryptographic verification. This will likely be some sort of merkle tree.
The project stack is: go. The source code is Open.